214 matches found
CVE-2023-48693 Azure RTOS ThreadX Remote Code Execution Vulnerability
Azure RTOS ThreadX is an advanced real-time operating system RTOS designed specifically for deeply embedded applications. An attacker can cause arbitrary read and write due to vulnerability in parameter checking mechanism in Azure RTOS ThreadX, which may lead to privilege escalation. The affected...
Azure RTOS ThreadX Input Validation Error Vulnerability
Azure RTOS ThreadX is an advanced real-time operating system open-sourced by Azure RTOS. An input validation error vulnerability exists in Azure RTOS ThreadX versions prior to 6.3.0, which stems from a vulnerability in the parameter checking mechanism that can be exploited by an attacker to cause...
PT-2023-30902 · Microsoft · Azure Rtos Threadx
Name of the Vulnerable Software and Affected Versions: Azure RTOS ThreadX versions prior to 6.3.0 Description: Azure RTOS ThreadX is an advanced real-time operating system RTOS designed specifically for deeply embedded applications. An attacker can cause arbitrary read and write due to a...
CVE-2022-39344 Azure RTOS USBX vulnerable to buffer overflow
Azure RTOS USBX is a USB host, device, and on-the-go OTG embedded stack, that is fully integrated with Azure RTOS ThreadX. Prior to version 6.1.12, the USB DFU UPLOAD functionality may be utilized to introduce a buffer overflow resulting in overwrite of memory contents. In particular cases this m...
CVE-2022-39293
Azure RTOS USBX is a high-performance USB host, device, and on-the-go OTG embedded stack, that is fully integrated with Azure RTOS ThreadX. The case is, in uxhostclasspimaread, there is data length from device response, returned in the very first packet, and read by L165 code, as headerlength. Th...
CVE-2022-36063
Azure RTOS USBx is a USB host, device, and on-the-go OTG embedded stack, fully integrated with Azure RTOS ThreadX and available for all Azure RTOS ThreadX–supported processors. Azure RTOS USBX implementation of host support for USB CDC ECM includes an integer underflow and a buffer overflow in th...
Microsoft Azure RTOS NetX Denial of Service Vulnerability
Microsoft Azure RTOS NetX is part of ThreadX RTOS, an open source project maintained by Microsoft. Microsoft Azure RTOS NetX has a denial of service vulnerability that can be exploited by an attacker to cause an infinite loop...
CVE-2019-13916
An issue was discovered in Cypress formerly Broadcom WICED Studio 6.2 CYW20735B1 and CYW20819A1. As a Bluetooth Low Energy BLE packet is received, it is copied into a Heap ThreadX Block buffer. The buffer allocated in dhmulpgetRxBuffer is four bytes too small to hold the maximum of 255 bytes plus...
Marvell Avastar Wi-Fi Code Execution Vulnerability
Marvell Avastar Wi-Fi is a WiFi chipset used in routers, computers, and other devices. A security vulnerability exists in the ThreadX-based firmware on the Marvell Avastar Wi-Fi. When scanning a valid network, a remote attacker can exploit the vulnerability to execute arbitrary code or cause a...
A week in security (January 14 – 20)
Last week on the Malwarebytes Labs blog, we took a look at how the government shutdown is influencing cybersecurity jobs, Advanced Persistent Threats group APT10, the comeback of Fallout EK, the hosting of malicious sites on legitimate servers, and the Collection 1 data breach. Other cybersecurit...
Design/Logic Flaw
The ThreadX-based firmware on Marvell Avastar Wi-Fi devices, models 88W8787, 88W8797, 88W8801, 88W8897, and 88W8997, allows remote attackers to execute arbitrary code or cause a denial of service block pool overflow via malformed Wi-Fi packets during identification of available Wi-Fi networks...
CVE-2019-6496
The ThreadX-based firmware on Marvell Avastar Wi-Fi devices, models 88W8787, 88W8797, 88W8801, 88W8897, and 88W8997, allows remote attackers to execute arbitrary code or cause a denial of service block pool overflow via malformed Wi-Fi packets during identification of available Wi-Fi networks...
CVE-2019-6496
Marvell Avastar Wi‑Fi chip family (models 88W8787/8797/8801/8897/8997) is affected by CVE-2019-6496 due to a block pool memory overflow in the ThreadX-based firmware when performing Wi‑Fi network scans. This can allow remote attackers within Wi‑Fi range to execute arbitrary code or cause a denial...
CVE-2019-6496
The ThreadX-based firmware on Marvell Avastar Wi-Fi devices, models 88W8787, 88W8797, 88W8801, 88W8897, and 88W8997, allows remote attackers to execute arbitrary code or cause a denial of service block pool overflow via malformed Wi-Fi packets during identification of available Wi-Fi networks...