Lucene search

EclipseCVELIST:CVE-2024-2214

HistoryMar 26, 2024 - 3:48 p.m.

CVE-2024-2214 Missing array size check in _Mtxinit() in the Xtensa port

2024-03-2615:48:36

CWE-129

eclipse

www.cve.org

cve-2024-2214

xtensa port

memory overwrite

ports/xtensa/xcc/src/tx_clib_lock.c

eclipse threadx

7 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

0.0004 Low

EPSS

Percentile

15.7%

JSON

In Eclipse ThreadX before version 6.4.0, the _Mtxinit() function in the
Xtensa port was missing an array size check causing a memory overwrite.
The affected file was ports/xtensa/xcc/src/tx_clib_lock.c

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "ThreadX",
    "repo": "https://github.com/eclipse-threadx/threadx/",
    "vendor": "Eclipse Foundation",
    "versions": [
      {
        "lessThan": "6.4.0",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  }
]

References

seclists.org/fulldisclosure/2024/May/35

www.openwall.com/lists/oss-security/2024/05/28/1

github.com/eclipse-threadx/threadx/security/advisories/GHSA-vmp6-qhp9-r66x

7 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

0.0004 Low

EPSS

Percentile

15.7%

JSON

Related for CVELIST:CVE-2024-2214