Green Hills Integrity RTOS: IPCOMShell Telnet Format String (CVE-2019-7711)
2 points | 3 hours ago | 1 comment | cxsecurity.com
mbanyamer
3 hours ago
A classic format string bug (CWE-134) in the undocumented "prompt" command of Interpeak IPCOMShell on Green Hills INTEGRITY RTOS 5.0.4. The vulnerability allows:

- Memory leaks via %p/%x/%s specifiers (defeating ASLR)
- Arbitrary memory writes via %n
- Potential control-flow hijacking in the TELNET shell

This is a 2019 CVE that was part of a larger batch of issues in the Interpeak stack used in safety-critical systems. The report includes a working PoC demonstrating the full leak → write chain in a simulated avionics ground maintenance environment.

Green Hills INTEGRITY is a high-assurance separation kernel widely used in aerospace, defense, and safety-critical applications.

Would be interesting to hear from people who have worked with INTEGRITY or similar RTOSes on:

- How common it still is to expose TELNET/maintenance interfaces during ground testing
- Modern mitigation practices (partitioning, disabled networking in critical partitions, etc.)

No remote attack surface in normal flight configuration is claimed — only ground maintenance scenario.

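The CWE-134 pattern the comment describes, shown from the fix side as an added example (not code from the post, the report, or the Interpeak/Green Hills sources): a shell "prompt" handler that keeps the user-supplied prompt as data and counts conversion specifiers as an audit signal. The names `set_prompt`, `render_prompt`, `count_conversions` and `PROMPT_MAX` are hypothetical, and the sample input is constructed.

```c
#include <stdio.h>
#include <string.h>

#define PROMPT_MAX 32                     /* hypothetical limit */

static char g_prompt[PROMPT_MAX] = "shell> ";
static char g_line[PROMPT_MAX];

/* Count printf-style conversions in s; "%%" is a literal percent sign. */
int count_conversions(const char *s)
{
    int n = 0;
    for (; *s; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%') { s++; continue; }
        n++;
    }
    return n;
}

/* Store a user-supplied prompt as data. Returns the number of conversion
 * specifiers seen (an audit signal worth logging), or -1 if too long. */
int set_prompt(const char *arg)
{
    size_t len = strlen(arg);
    if (len >= sizeof g_prompt)
        return -1;
    memcpy(g_prompt, arg, len + 1);
    return count_conversions(arg);
}

/* CWE-134 pattern, for contrast only: snprintf(g_line, sizeof g_line, g_prompt);
 * Hardened: the format is a constant and the prompt is only an argument. */
const char *render_prompt(void)
{
    snprintf(g_line, sizeof g_line, "%s", g_prompt);
    return g_line;
}

int main(void)
{
    int hits = set_prompt("%p.%p.%n> ");  /* constructed sample input */
    printf("specifiers=%d rendered=%s\n", hits, render_prompt());
    return 0;
}
```

Building with `-Wformat -Wformat-security` (GCC/Clang) flags the non-constant-format call shown in the comment at compile time.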