Third-party Vulnerability

BadAlloc

Background

BD is aware of and currently monitoring vulnerabilities found in multiple real-time operating systems (RTOS) and supporting libraries, collectively referred to as BadAlloc. These third-party vulnerabilities are not specific to BD or our products.

Of the 25 vulnerabilities known as BadAlloc, two have the potential to impact BD products. Neither is related to CISA Alert AA21-229A, which concerns the BlackBerry QNX RTOS. BD is providing this update to let customers know which BD products could be affected by these third-party vulnerabilities.

  • CVE-2020-28895 – In Wind River VxWorks, the memory allocator has a possible integer overflow when calculating the size of the memory block to be allocated by calloc(). As a result, the memory actually allocated is smaller than the buffer size implied by the arguments, leading to memory corruption.
 
  • CVE-2020-35198 – In Wind River VxWorks, the APIs cacheDmaMalloc()/cacheArchDmaMalloc()/mmap64() align the size of the requested buffer to the memory page size of the target platform. If the requested size is large enough to cause an integer overflow in the alignment calculation, a valid pointer to a buffer smaller than the requested size is returned, opening the door to heap overflow attacks.
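The two CVE descriptions above share one root cause: allocator size arithmetic that wraps around instead of failing. The following C program is an added illustration of that bug class and is not Wind River or BD code; it mirrors the arithmetic the CVE text describes (a calloc-style nmemb * size product, and a round-up to page size) in unchecked and checked forms. Function names and the 4096-byte page size are assumptions for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Unchecked size computation of the kind CVE-2020-28895 describes:
 * nmemb * size can wrap, so the allocator quietly receives a small size
 * and hands back a buffer shorter than the caller expects.
 * (Illustrative only; not the VxWorks implementation.) */
size_t calloc_size_unchecked(size_t nmemb, size_t size) {
    return nmemb * size;
}

/* Hardened form: refuse the request when the product would wrap.
 * Unsigned division cannot overflow, so SIZE_MAX / nmemb is a safe bound. */
bool calloc_size_checked(size_t nmemb, size_t size, size_t *out) {
    if (nmemb != 0 && size > SIZE_MAX / nmemb) {
        return false;           /* allocation must fail, not shrink */
    }
    *out = nmemb * size;
    return true;
}

/* Unchecked page alignment of the kind CVE-2020-35198 describes:
 * size + (page_size - 1) wraps for requests near SIZE_MAX, so the
 * rounded size is tiny even though the caller asked for a huge buffer. */
size_t align_up_unchecked(size_t size, size_t page_size) {
    return (size + page_size - 1) & ~(page_size - 1);
}

/* Hardened form: page_size must be a non-zero power of two, and the
 * round-up must not wrap past SIZE_MAX. */
bool align_up_checked(size_t size, size_t page_size, size_t *out) {
    if (page_size == 0 || (page_size & (page_size - 1)) != 0) {
        return false;           /* mask arithmetic only works for powers of two */
    }
    if (size > SIZE_MAX - (page_size - 1)) {
        return false;           /* rounding up would overflow */
    }
    *out = (size + page_size - 1) & ~(page_size - 1);
    return true;
}

int main(void) {
    /* Constructed inputs chosen to wrap on any size_t width. */
    size_t big_count = SIZE_MAX / 2 + 2;     /* 2^(w-1) + 1 */
    size_t huge_req = SIZE_MAX - 100;
    size_t page = 4096;                      /* assumed page size */
    size_t out;

    printf("calloc(%zu, 2): unchecked size = %zu\n",
           big_count, calloc_size_unchecked(big_count, 2));
    printf("calloc(%zu, 2): checked accepts = %d\n",
           big_count, calloc_size_checked(big_count, 2, &out));

    printf("align_up(%zu): unchecked size = %zu\n",
           huge_req, align_up_unchecked(huge_req, page));
    printf("align_up(%zu): checked accepts = %d\n",
           huge_req, align_up_checked(huge_req, page, &out));

    if (align_up_checked(5000, page, &out)) {
        printf("align_up(5000) = %zu\n", out);
    }
    return 0;
}
```

The unchecked paths return 2 and 0 bytes respectively for requests that should have been rejected outright; an allocator that then services the tiny request returns a valid pointer, and the caller's subsequent writes run off the end of the block. The fix in both cases is a bounds check before the arithmetic, with the allocation failing (returning NULL) rather than succeeding with a shorter buffer.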

There have been no reports of these vulnerabilities being exploited on BD products.

BD Products that Utilize Affected Wind River VxWorks Products

The product list below identifies existing BD products that utilize in-scope Wind River VxWorks products. The list may be updated as more products are identified. This list does not indicate patch or device status. Please check back periodically for updates.

The BD product listed below is in scope for both CVE-2020-28895 and CVE-2020-35198:

  • BD FocalPoint™ Slide Profiler

Clinical Risk Assessment and Patient Safety Impact

A successful attack on the BD FocalPoint Slide Profiler may impact system availability (i.e., may cause system downtime, requiring a service visit). As cervical cytology slides can be evaluated manually when the system is unavailable, lack of system availability is not anticipated to introduce a significant delay in results reporting.

Response

BD is evaluating options for remediating these vulnerabilities via an upgrade to the VxWorks operating system. Please refer to the Bulletins and Patches page for all approved product security patching notifications.

Until a patched operating system is available, BD recommends the following compensating controls for customers using BD products impacted by these vulnerabilities:

  • Customers should limit physical access to the affected devices to authorized users only. We recommend physically securing the system and its input devices behind barriers that require authentication or security clearance.
 
  • Customers whose in-scope Wind River VxWorks devices are connected to an external network should enforce network segmentation and basic network hygiene: restrict external communication paths where applicable, and isolate or contain vulnerable devices in network zones reachable only by authorized users.

Additional Resources

For product or site-specific concerns, contact your BD service representative. If you believe a BD device on your network has been impacted by this third-party vulnerability, disconnect the device from the network and contact your BD service representative immediately.
