Eclipse ThreadX USBX

15 matches found

added 2022/05/24 3:00 p.m., 83 views

CVE-2022-29246

Azure RTOS USBX DFU UPLOAD vulnerability (CVE-2022-29246) allows a potential buffer overflow prior to version 6.1.11. If a DFU UPLOAD request carries a wLength greater than UX_SLAVE_REQUEST_CONTROL_MAX_LENGTH (256 bytes), the code path in ux_device_class_dfu_read may copy data into a 256-byte buf...

CVSS 9.8, AI score 10, EPSS 0.02162

added 2022/05/24 2:25 p.m., 65 views

CVE-2022-29223

Azure RTOS USBX contains a buffer overflow vulnerability in the USB host stack when processing a HUB descriptor with bNbPorts greater than UX_MAX_TT (default 8) in versions prior to 6.1.10. In particular, a HUB descriptor with bNbPorts = 255 can cause ux_host_class_hub_descriptor_get to write bey...

CVSS 9.8, AI score 8.8, EPSS 0.01128

added 2022/10/10 12:00 a.m., 57 views

CVE-2022-36063

Azure RTOS USBX contains a vulnerability in the host support for USB CDC ECM, stemming from an integer underflow and a buffer overflow in the _ux_host_class_cdc_ecm_mac_address_get function. Setting the mac address string descriptor length to 0 or 1 can trigger an underflow (followed by a buffer ...

CVSS 9.8, AI score 9.2, EPSS 0.01516

added 2023/12/05 12:24 a.m., 52 views

CVE-2023-48694

CVE-2023-48694: Azure RTOS USBX contains an expired pointer dereference and type confusion vulnerability that can lead to remote code execution. Affected: USBX in RTOS v6.2.1 and earlier (host stack, host class, device-linked classes such as ASIX, Prolific, SWAR, audio, CDC ECM). Root cause: poi...

CVSS 9.8, AI score 8, EPSS 0.01332

added 2023/12/05 12:24 a.m., 50 views

CVE-2023-48695

Azure RTOS USBX contains an out-of-bounds write vulnerability affecting the USBX host and device classes (CDC ECM and RNDIS) in RTOS v6.2.1 and earlier. This can lead to remote code execution. The issue is fixed in USBX release 6.3.0; upgrading is advised. Connected documents confirm the affected...

CVSS 9.8, AI score 9.2, EPSS 0.01228

added 2022/10/13 12:00 a.m., 44 views

CVE-2022-39293

CVE-2022-39293 affects Azure RTOS USBX prior to version 6.1.12. The vulnerability arises in ux_host_class_pima_read where the length from the device response (header_length) is used in a calculation: if header_length is smaller than UX_HOST_CLASS_PIMA_DATA_HEADER_SIZE, the (header_length - UX_HOST...

CVSS 9.8, AI score 9.4, EPSS 0.00642

added 2023/12/05 12:25 a.m., 42 views

CVE-2023-48697

CVE-2023-48697 concerns Azure RTOS USBX, a USB host/device stack. Vulnerabilities stem from memory buffer and pointer handling in RTOS v6.2.1 and earlier, affecting components such as pictbridge/host class and related PIMA, storage, CDC ACM, ECM, audio, and hub functionality. This can lead to rem...

CVSS 9.8, AI score 8, EPSS 0.01185

added 2023/12/05 12:24 a.m., 38 views

CVE-2023-48696

Azure RTOS USBX contains a remote code execution vulnerability caused by an expired pointer dereference in the USBX host/CDC ACM path for RTOS v6.2.1 and earlier. Affected component: USBX within Azure RTOS USBX stack (host class/CDC ACM). Remediation: upgrade to USBX release 6.3.0 or later. Explo...

CVSS 9.8, AI score 8.8, EPSS 0.00946

added 2023/12/05 12:25 a.m., 38 views

CVE-2023-48698

Azure RTOS USBX contains an expired pointer-dereference vulnerability in the USB host/stack (host stack, GSER, HID) affecting RTOS v6.2.1 and older. This can lead to remote code execution. The issue is mitigated by upgrading to USBX 6.3.0, which includes the fix. There are no publicly documented ...

CVSS 9.8, AI score 8, EPSS 0.00931

added 2025/10/17 5:32 a.m., 15 views

CVE-2025-55096

CVE-2025-55096 affects USBX (USB host stack) prior to 6.4.3 in the Eclipse Foundation ThreadX ecosystem. The root cause is an out-of-bounds read in _ux_host_class_hid_report_descriptor_get() while parsing a USB HID device descriptor. Documented impact includes high confidentiality and availabilit...

CVSS 6.1, AI score 6.5, EPSS 0.00152

added 2026/01/27 3:34 p.m., 12 views

CVE-2025-55095

CVE-2025-55095 affects the USBX host storage code in Eclipse ThreadX. The function _ux_host_class_storage_media_mount() recursively traverses extended partitions; it parses up to four partition entries in _ux_host_class_storage_partition_read() and recurses when it encounters a type UX_HOST_CLASS...

CVSS 7, AI score 5.9, EPSS 0.00138

added 2025/10/17 5:35 a.m., 10 views

CVE-2025-55097

CVE-2025-55097 affects the USBX USB host module in Eclipse ThreadX prior to version 6.4.3, where an out-of-bounds read can occur in _ux_host_class_audio_streaming_sampling_get() while parsing a USB streaming device descriptor. The issue is described across multiple sources (NVD, Red Hat, CVE reco...

CVSS 6.1, AI score 6.5, EPSS 0.00245

added 2025/10/17 5:36 a.m., 7 views

CVE-2025-55098

CVE-2025-55098 affects USBX (USB support module for Eclipse Foundation ThreadX) prior to 6.4.3. The vulnerability is a potential out-of-bounds read in the function _ux_host_class_audio_device_type_get() when parsing a USB audio device descriptor. Multiple sources (NVD, Red Hat, CVE lists) confirm...

CVSS 6.1, AI score 6.5, EPSS 0.00297

added 2025/10/17 5:40 a.m., 7 views

CVE-2025-55100

CVE-2025-55100 affects USBX (ThreadX USB support module) prior to version 6.4.3. The issue is an out-of-bounds read in the function _ux_host_class_audio10_sam_parse_func() while parsing a list of sampling frequencies, which could lead to a crash or potential data exposure. Red Hat and CVE aggrega...

CVSS 9.1, AI score 6.5, EPSS 0.00513

added 2025/10/17 5:38 a.m., 6 views

CVE-2025-55099

CVE-2025-55099 concerns Eclipse ThreadX USBX prior to 6.4.3, where the USB support module has a potential out-of-bounds read in _ux_host_class_audio_alternate_setting_locate() when parsing a descriptor with attacker-controlled frequency fields. Red Hat and multiple sources reiterate this exact is...

CVSS 6.1, AI score 6.4, EPSS 0.00347