Hi,
Please find attached a security advisory that describes multiple
vulnerabilities we discovered in Eclipse ThreadX (aka Azure RTOS).
* Title: Multiple vulnerabilities in Eclipse ThreadX
* OS: Eclipse ThreadX < 6.4.0
* Author: Marco Ivaldi <[email protected]>
* Date: 2024-05-28
* CVE IDs and severity:
* CVE-2024-2214 - High - 7.0 - CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2024-2212 - High - 7.3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L
* CVE-2024-2452 - High - 7.0 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L
* Advisory URLs:
* https://github.com/eclipse-threadx/threadx/security/advisories/GHSA-vmp6-qhp9-r66x
* https://github.com/eclipse-threadx/threadx/security/advisories/GHSA-v9jj-7qjg-h6g6
* https://github.com/eclipse-threadx/netxduo/security/advisories/GHSA-h963-7vhw-8rpx
* Vendor URL: https://threadx.io/
The advisory is also available at:
https://github.com/hnsecurity/vulns/blob/main/HNS-2024-06-threadx.txt
For additional information, please refer to our vulnerability writeup:
https://security.humanativaspa.it/multiple-vulnerabilities-in-eclipse-threadx/
Cheers,
--
Marco Ivaldi
https://0xdeadbeef.info/
"When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl."