Lucene search

MitreCVE-2024-24254

HistoryFeb 06, 2024 - 10:16 p.m.

CVE-2024-24254

2024-02-0622:16:15

CWE-362

mitre

web.nvd.nist.gov

cve-2024-24254

px4 autopilot

race condition

geofence

mission feasibility checker

CVSS3

4.2

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L

AI Score

4.5

Confidence

High

EPSS

Percentile

13.3%

JSON

PX4 Autopilot 1.14 and earlier, due to the lack of synchronization mechanism for loading geofence data, has a Race Condition vulnerability in the geofence.cpp and mission_feasibility_checker.cpp. This will result in the drone uploading overlapping geofences and mission routes.

Affected configurations

Nvd

Node

dronecodepx4_drone_autopilotRange≤1.14.0

VendorProductVersionCPE
dronecodepx4_drone_autopilot*cpe:2.3:a:dronecode:px4_drone_autopilot:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
dronecode	px4_drone_autopilot	*	cpe:2.3:a:dronecode:px4_drone_autopilot::::::::

References

github.com/Drone-Lab/PX4-Autopilot/blob/report-can-not-pause-vulnerability/Multi-Threaded%20Race%20Condition%20bug%20found%20in%20PX4%20cause%20drone%20can%20not%20PAUSE.md

github.com/PX4/PX4-Autopilot

CVSS3

4.2

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L

AI Score

4.5

Confidence

High

EPSS

Percentile

13.3%

JSON

Related for CVE-2024-24254