Has RTEMS ever had a CVE?

Joel Sherrill joel at rtems.org
Wed Sep 13 13:39:20 UTC 2023

On Wed, Sep 13, 2023 at 3:30 AM Schweikhardt, Jens (TSPCE6-TL5) <
Jens.Schweikhardt at tesat.de> wrote:

> Hello,
> I wonder if RTEMS ever had a vulnerability for which a CVE was created
> (only the RTEMS OS proper, not libbsd or newlib or other components).
> Search engine results don’t turn up much, if anything, so I’m inclined to
> think the answer is “no”.
> I found Gedare’s PDF about security hardening for EPICS/RTEMS talking a
> bit about
> vulnerabilities, but that does not mention any true CVEs against RTEMS.
> Can anyone say with certainty there are no CVEs against RTEMS?

There was one reported for the GoAhead webserver which we used to bundle
with RTEMS.
But that CVE was filed against that package years after we removed it.
Gedare Bloom posted
information about it in October 2021.


There has never (fingers crossed) been one reported against RTEMS. I would
expect there
have been CVEs against packages used with RTEMS which we get from third
parties. But
I don't know about any of those.

I'm not conceited enough to think it could never happen. It just hasn't.


> Jens
> ------------------------------
> Tesat-Spacecom GmbH & Co. KG
> Sitz: Backnang; Registergericht: Amtsgericht Stuttgart HRA 270977
> Persoenlich haftender Gesellschafter: Tesat-Spacecom Geschaeftsfuehrungs
> GmbH;
> Sitz: Backnang; Registergericht: Amtsgericht Stuttgart HRB 271658;
> Geschaeftsfuehrung: Thomas Reinartz, Kerstin Basche, Ralph Schmid
> [image: banner]
> _______________________________________________
> users mailing list
> users at rtems.org
> http://lists.rtems.org/mailman/listinfo/users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.rtems.org/pipermail/users/attachments/20230913/c798ef93/attachment.htm>

More information about the users mailing list