Publication Date: 2021 May 7
Update Date: 2021 May 7
Philips is currently monitoring developments and updates related to the Cybersecurity & Infrastructure Security Agency (CISA) advisory (ICSA-21-119-04). We are aware of a public report, known as “BadAlloc” that details vulnerabilities found in multiple real-time operating systems (RTOS) and supporting libraries.
Successful exploitation of these vulnerabilities could result in unexpected behavior such as a crash or a remote code injection/execution. This critical vulnerability (CVSS v3 9.8) affects multiple RTOS vendors, most of whom already have a mitigation available.
Philips is currently reviewing the impact of this vulnerability on our products. Should we become aware of an affected product, we will post that information here.