EclipseThreadx

6 matches found

CVE
added 2024/03/26 3:58 p.m., 92 views

CVE-2024-2212

Summary: CVE-2024-2212 affects Eclipse ThreadX prior to 6.4.0 due to missing parameter checks in the FreeRTOS compatibility API functions xQueueCreate() and xQueueCreateSet() (utility/rtos_compatibility_layers/FreeRTOS/tx_freertos.c). This can cause integer wraparound, under-allocations, and heap...

7.8 CVSS, 7.3 AI score, 0.00541 EPSS

CVE
added 2024/03/26 3:48 p.m., 70 views

CVE-2024-2214

CVE-2024-2214 affects Eclipse ThreadX, specifically the Xtensa port. The vulnerability arises from an ineffective array size check in the _Mtxinit() function, leading to a memory overwrite in ports/xtensa/xcc/src/tx_clib_lock.c. It applies to ThreadX versions prior to 6.4.0. The available documen...

7.8 CVSS, 6.9 AI score, 0.00336 EPSS

CVE
added 2025/10/14 7:28 a.m., 22 views

CVE-2025-55078

CVE-2025-55078 affects Eclipse ThreadX before version 6.4.3. The issue is incomplete validation of kernel object pointers in system calls: a pointer to a reserved or unmapped memory region could bypass checks because the validator did not ensure the pointer lies within the module memory region, e...

5.7 CVSS, 6.4 AI score, 0.00159 EPSS

CVE
added 2025/10/15 4:29 a.m., 14 views

CVE-2025-55079

CVE-2025-55079 refers to Eclipse ThreadX RTOS prior to 6.4.3, where the thread module’s maximum priority check could be bypassed, allowing a thread to run at a higher priority than intended and cause a potential denial of service. This is corroborated by Red Hat and other industry sources in the ...

5.7 CVSS, 6.4 AI score, 0.00157 EPSS

CVE
added 2025/10/15 5:41 a.m., 10 views

CVE-2025-55080

The vulnerability CVE-2025-55080 affects Eclipse ThreadX prior to version 6.4.3. Root cause: memory protection enabled, syscall parameter verification is insufficient, enabling an attacker to obtain an arbitrary memory read/write. Affected component: ThreadX RTOS (pre-6.4.3). Impact: arbitrary me...

7.2 CVSS, 6.6 AI score, 0.00126 EPSS

CVE
added 2026/01/27 3:40 p.m., 10 views

CVE-2026-0648

CVE-2026-0648: Red Hat and other sources describe a logic error in the CreateCounter() path for OSEK in threadx.c where osek_get_counter() return value is mishandled. The code tests for failure by comparing cntr_id to 0u, but osek_get_counter() signals failure with E_OS_SYS_STACK (12U). When the...

7.8 CVSS, 6 AI score, 0.00105 EPSS