A Timesys Deep Dive Embedded Systems Newsletter

February 2022

Cybersecurity in the News: Nasty Linux Kernel Stack Overflow Flaw Found and Patched

According to a recent article from The New Stack, “Another obnoxious security bug, CVE-2022-0435: A Remote Stack Overflow in The Linux Kernel was found by Appgate senior exploit developer Samuel Page while he was poking around at a Linux heap overflow security bug, CVE-2021-43267 from November 2021. Page’s discovery is a remotely and locally reachable stack overflow in the Linux kernel’s Transparent Inter-Process Communication (TIPC) protocol networking module.”

Luckily, there are already patches available. You can check out the full information on this CVE on the Timesys Vigiles database here (just sign up for a free account if you don’t already have one). This CVE is not yet in the National Vulnerability Database (NVD).

What if you had 4 extra weeks to catch vulnerabilities before they hit the public database? Would you be able to take action in that time? The Vigiles database can get information up to 4 weeks earlier than NVD. With early notification and up-to-date remediation information, you can be relaxing on vacation while your competitors are playing catch-up and staying late to secure their products.

Try Vigiles Prime free for 30 days

Feature: PetaLinux + Vigiles

Get early access to the results from our industry-wide survey

Vigiles Supports All Major Build System Integrations, Including PetaLinux

Easily run a Vigiles scan on a PetaLinux build environment with a 1-minute integration

What’s new with Timesys Embedded Board Farm

Bring your embedded device into your CI/CT process with EBF

Tired of playing hot potato with an SD card to reflash your hardware when you want to run a build test? Is Jenkins smugly laughing at you in your fever dream state as you desperately wish you could exercise your embedded device within your modern CI/CT systems? Never fear – Embedded Board Farm is here.

You can now use a CI/CT tool like Jenkins to build an image that can be loaded onto your embedded board for running a test, using your choice of test automation framework.

Check out our latest video showing you this workflow using Robot Framework.

New features in the latest EBF release (Dec 2021)

  • Remote upgrade, allowing administrators to manage software upgrades of the EBF server and zombies from a central location
  • Enhanced user workflow, with a share console option available from the console window during pair debugging
  • UUU image flashing support for i.MX8
  • New command-line interface (CLI) and REST API for video image and audio capture
  • Improved video/audio live streaming with frame rate and resolution control
  • ADB (Android Debug Console) support over USB

 

Learn with Timesys

Read up on hardening with our two latest blogs

Discretionary Access Control (DAC) Hardening

Discretionary Access Control hardening can further improve your embedded system’s security by limiting userspace access to proprietary intellectual property, exploitable binaries, and privileged information.

Securing your Linux Configuration (Kernel Hardening)

Learn about the process by which your kernel’s configuration can be strengthened to protect against common security exploits. This is sometimes referred to as hardening, or specifically in this context, kernel configuration hardening.

Upcoming Events

March Events You Don’t Want To Miss

HIMSS 22

Medical industry conference

Will you be at HIMSS in Orlando March 14-18? Come by and see us with our friends in the Advantech booth (#3911)! Want to schedule an in-person meeting with our CEO Atul Bansal? Shoot us a message here.

Security Vulnerability Management 101

Tools & Techniques to Monitor and Remediate Vulnerabilities in Your SBOM

March 24 @ 12 PM ET / 9 AM PT

Join us at the Embedded Tech Convention with 5000 of our closest friends! Discover the latest technological innovations and trends, expand your industry knowledge and extend your global professional network.

Let's Get Embedded

Tools & Techniques to Monitor and Remediate Vulnerabilities in Your SBOM
June 30 @ 12 PM ET / 9 AM PT

In this monthly live webinar and Q&A session, you’ll learn:

– Why you need to manage your open-source software risks 
– How to generate an accurate SBOM (Software Bill of Materials) and why it matters
– Tools and techniques to monitor and remediate vulnerabilities in your SBOM
– And much more!

 
