Microsoft researchers on Thursday disclosed two dozen vulnerabilities affecting a wide range of Internet of Things (IoT) and Operational Technology (OT) devices. The flaws have been collectively named “BadAlloc” because they are rooted in standard memory allocation functions spanning widely used real-time operating systems (RTOS), embedded software development kits (SDKs), and C standard library (libc) implementations. A lack of proper input validation could enable an adversary to perform a heap overflow, leading to the execution of malicious code on a vulnerable device.
Source: https://thehackernews.com/2021/04/microsoft-finds-badalloc-flaws.html
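The input validation an allocation function needs is a check that its size arithmetic cannot wrap around before memory is reserved. The C below is an added example, not code from Microsoft's disclosure or from any affected product; the function names and the `BLOCK_HDR` header size are hypothetical. It contrasts unvalidated size calculations with versions that fail closed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define BLOCK_HDR 8u /* hypothetical per-block header of an embedded allocator */

/* Unvalidated arithmetic: both results wrap silently for large inputs. */
size_t naive_array_bytes(size_t nmemb, size_t size) { return nmemb * size; }
size_t naive_block_bytes(size_t request) { return request + BLOCK_HDR; }

/* Validated arithmetic: 0 on success, -1 if the true result exceeds SIZE_MAX. */
int checked_array_bytes(size_t nmemb, size_t size, size_t *out)
{
    if (size != 0 && nmemb > SIZE_MAX / size)
        return -1;
    *out = nmemb * size;
    return 0;
}

int checked_block_bytes(size_t request, size_t *out)
{
    if (request > SIZE_MAX - BLOCK_HDR)
        return -1;
    *out = request + BLOCK_HDR;
    return 0;
}

/* calloc-style wrapper that returns NULL instead of an undersized buffer. */
void *checked_calloc(size_t nmemb, size_t size)
{
    size_t bytes;
    if (checked_array_bytes(nmemb, size, &bytes) != 0)
        return NULL;
    void *p = malloc(bytes ? bytes : 1);
    if (p != NULL)
        memset(p, 0, bytes);
    return p;
}

int main(void)
{
    size_t n = SIZE_MAX / 2 + 1; /* constructed oversized element count */
    printf("naive: %zu bytes, checked_calloc: %p\n",
           naive_array_bytes(n, 2), checked_calloc(n, 2));
    return 0;
}
```

With the naive calculation, a caller that asked for a huge array receives a tiny buffer and then writes past it; the checked wrapper rejects the request so the caller's NULL handling runs instead.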