214 matches found
CVE-2024-2452 Integer wraparound, under-allocation, and heap buffer overflow in Eclipse ThreadX NetX Duo __portable_aligned_alloc()
In Eclipse ThreadX NetX Duo before 6.4.0, if an attacker can control the parameters of __portable_aligned_alloc(), this could cause an integer wrap-around and an allocation smaller than expected. This could cause subsequent heap buffer overflows...
Eclipse ThreadX RTOS Input Validation Error Vulnerability
Eclipse ThreadX RTOS is an advanced real-time operating system (RTOS) from Eclipse ThreadX designed for deeply embedded applications. A security vulnerability exists in Eclipse ThreadX RTOS versions prior to 6.4.0, which stems from a buffer overflow vulnerability due to a lack of parameter checking...
Eclipse ThreadX RTOS Input Validation Error Vulnerability
Eclipse ThreadX RTOS is an advanced real-time operating system (RTOS) from Eclipse ThreadX designed for deeply embedded applications. A security vulnerability exists in Eclipse ThreadX versions prior to 6.4.0 that stems from a lack of array size checking in the Xtensa port, resulting in a memory...
PT-2024-19226 · Unknown · Eclipse Threadx
Name of the Vulnerable Software and Affected Versions: Eclipse ThreadX versions prior to 6.4.0 Description: The issue is related to a missing array size check in the Mtxinit function within the Xtensa port of Eclipse ThreadX, causing a memory overwrite. The affected file is ports/xtensa/xcc/src/t...
PT-2024-20432 · Eclipse · Eclipse Threadx Netx Duo
Name of the Vulnerable Software and Affected Versions: Eclipse ThreadX NetX Duo versions prior to 6.4.0 Description: The issue arises when an attacker can control parameters of the portable aligned alloc function, potentially causing an integer wrap-around and an allocation smaller than expected...
PT-2024-19216 · Eclipse · Eclipse Threadx
Name of the Vulnerable Software and Affected Versions: Eclipse ThreadX versions prior to 6.4.0 Description: The issue arises from missing parameter checks in the xQueueCreate and xQueueCreateSet functions from the FreeRTOS compatibility API. This could lead to integer wraparound, under-allocation...
Eclipse ThreadX NetX Duo Input Validation Error Vulnerability
Eclipse ThreadX NetX Duo is an IPv4 and IPv6 dual network stack for Eclipse ThreadX open source. A security vulnerability exists in Eclipse ThreadX NetX Duo versions prior to 6.4.0, which stems from a vulnerability that allows attackers to cause a buffer overflow via the function...
CVE-2023-48697
Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded stack, that is fully integrated with Azure RTOS ThreadX. An attacker can cause remote code execution due to memory buffer and pointer vulnerabilities in Azure RTOS USBX. The affected components include functions/processes in...
CVE-2023-48698
Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded stack, that is fully integrated with Azure RTOS ThreadX. An attacker can cause remote code execution due to expired pointer dereference vulnerabilities in Azure RTOS USBX. The affected components include functions/processes in host...
CVE-2023-48694
Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded stack, that is fully integrated with Azure RTOS ThreadX. An attacker can cause remote code execution due to expired pointer dereference and type confusion vulnerabilities in Azure RTOS USBX. The affected components include...
CVE-2023-48693
Azure RTOS ThreadX is an advanced real-time operating system (RTOS) designed specifically for deeply embedded applications. An attacker can cause arbitrary read and write due to vulnerability in parameter checking mechanism in Azure RTOS ThreadX, which may lead to privilege escalation. The affected...
Null pointer dereference
Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded stack, that is fully integrated with Azure RTOS ThreadX. An attacker can cause remote code execution due to expired pointer dereference vulnerabilities in Azure RTOS USBX. The affected components include functions/processes in host...
Design/Logic Flaw
Azure RTOS ThreadX is an advanced real-time operating system (RTOS) designed specifically for deeply embedded applications. An attacker can cause arbitrary read and write due to vulnerability in parameter checking mechanism in Azure RTOS ThreadX, which may lead to privilege escalation. The affected...
CVE-2023-48698
Azure RTOS USBX contains an expired pointer-dereference vulnerability in the USB host/stack (host stack, GSER, HID) affecting RTOS v6.2.1 and older. This can lead to remote code execution. The issue is mitigated by upgrading to USBX 6.3.0, which includes the fix. There are no publicly documented ...
CVE-2023-48697 Azure RTOS USBX Remote Code Execution Vulnerability
Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded stack, that is fully integrated with Azure RTOS ThreadX. An attacker can cause remote code execution due to memory buffer and pointer vulnerabilities in Azure RTOS USBX. The affected components include functions/processes in...
CVE-2023-48696
Azure RTOS USBX contains a remote code execution vulnerability caused by an expired pointer dereference in the USBX host/CDC ACM path for RTOS v6.2.1 and earlier. Affected component: USBX within Azure RTOS USBX stack (host class/CDC ACM). Remediation: upgrade to USBX release 6.3.0 or later. Explo...
CVE-2023-48695
Azure RTOS USBX contains an out-of-bounds write vulnerability affecting the USBX host and device classes (CDC ECM and RNDIS) in RTOS v6.2.1 and earlier. This can lead to remote code execution. The issue is fixed in USBX release 6.3.0; upgrading is advised. Connected documents confirm the affected...
CVE-2023-48695 Azure RTOS USBX Remote Code Execution Vulnerability
Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded stack, that is fully integrated with Azure RTOS ThreadX. An attacker can cause remote code execution due to out of bounds write vulnerabilities in Azure RTOS USBX. The affected components include functions/processes in host and...
CVE-2023-48694 Azure RTOS USBX Remote Code Execution Vulnerability
Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded stack, that is fully integrated with Azure RTOS ThreadX. An attacker can cause remote code execution due to expired pointer dereference and type confusion vulnerabilities in Azure RTOS USBX. The affected components include...
CVE-2023-48693
Azure RTOS ThreadX suffers an out-of-bounds/parameter-checking vulnerability that can enable arbitrary read/write and privilege escalation. Affected product: Azure RTOS ThreadX prior to 6.3.0 (notably v6.2.1 and below). Root cause: improper parameter validation within ThreadX components allows me...