Azure-Rtos Usbx vulnerabilities
10 known vulnerabilities affecting azure-rtos/usbx.
Total CVEs: 10
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 10
Vulnerabilities
CVE-2023-48695 | P2 | CRITICAL | CVSS 9.8 | CWE-787 | fixed in 6.3.0 | 2023-12-05
Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded stack, that is fully integrated with Azure RTOS ThreadX. An attacker can cause remote code execution due to out of bounds write vulnerabilities in Azure RTOS USBX. The affected components include functions/processes in host and device classes, related to CDC ECM and RNDIS in RTOS v
nvd
CVE-2023-48697 | P2 | CRITICAL | CVSS 9.8 | CWE-476 | fixed in 6.3.0 | 2023-12-05
Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded stack, that is fully integrated with Azure RTOS ThreadX. An attacker can cause remote code execution due to memory buffer and pointer vulnerabilities in Azure RTOS USBX. The affected components include functions/processes in pictbridge and host class, related to PIMA, storage, CDC
nvd
CVE-2022-39344 | P2 | CRITICAL | CVSS 9.8 | CWE-120 | fixed in 6.1.12 | 2022-11-04
Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded stack, that is fully integrated with Azure RTOS ThreadX. Prior to version 6.1.12, the USB DFU UPLOAD functionality may be utilized to introduce a buffer overflow resulting in overwrite of memory contents. In particular cases this may allow an attacker to bypass security features or
nvd
CVE-2023-48694 | P2 | CRITICAL | CVSS 9.8 | CWE-825 | fixed in 6.3.0 | 2023-12-05
Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded stack, that is fully integrated with Azure RTOS ThreadX. An attacker can cause remote code execution due to expired pointer dereference and type confusion vulnerabilities in Azure RTOS USBX. The affected components include functions/processes in host stack and host class, related t
nvd
CVE-2022-29246 | P2 | CRITICAL | CVSS 9.8 | CWE-120 | fixed in 6.1.11 | 2022-05-24
Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded stack. Prior to version 6.1.11, the USBX DFU UPLOAD functionality may be utilized to introduce a buffer overflow resulting in overwrite of memory contents. In particular cases this may allow an attacker to bypass security features or execute arbitrary code. The implementation of `ux
nvd
CVE-2023-48696 | P2 | CRITICAL | CVSS 9.8 | CWE-754 | fixed in 6.3.0 | 2023-12-05
Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded stack, that is fully integrated with Azure RTOS ThreadX. An attacker can cause remote code execution due to expired pointer dereference vulnerabilities in Azure RTOS USBX. The affected components include components in host class, related to CDC ACM in RTOS v6.2.1 and below. The fix
nvd
CVE-2023-48698 | P2 | CRITICAL | CVSS 9.8 | CWE-754 | fixed in 6.3.0 | 2023-12-05
Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded stack, that is fully integrated with Azure RTOS ThreadX. An attacker can cause remote code execution due to expired pointer dereference vulnerabilities in Azure RTOS USBX. The affected components include functions/processes in host stack and host classes, related to device linked c
nvd
CVE-2022-36063 | P3 | CRITICAL | CVSS 9.8 | CWE-121 | fixed in 6.1.12 | 2022-10-10
Azure RTOS USBx is a USB host, device, and on-the-go (OTG) embedded stack, fully integrated with Azure RTOS ThreadX and available for all Azure RTOS ThreadX–supported processors. Azure RTOS USBX implementation of host support for USB CDC ECM includes an integer underflow and a buffer overflow in the `_ux_host_class_cdc_ecm_mac_address_get` functio
nvd
CVE-2022-29223 | P3 | CRITICAL | CVSS 9.8 | CWE-120 | fixed in 6.1.10 | 2022-05-24
Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded stack. In versions prior to 6.1.10, an attacker can cause a buffer overflow by providing the Azure RTOS USBX host stack a HUB descriptor with `bNbPorts` set to a value greater than `UX_MAX_TT` which defaults to 8. For a `bNbPorts` value of 255, the implementation of `ux_host_class
nvd
CVE-2022-39293 | P3 | CRITICAL | CVSS 9.8 | CWE-191 | fixed in 6.1.12 | 2022-10-13
Azure RTOS USBX is a high-performance USB host, device, and on-the-go (OTG) embedded stack, that is fully integrated with Azure RTOS ThreadX. The case is, in [_ux_host_class_pima_read](https://github.com/azure-rtos/usbx/blob/master/common/usbx_host_classes/src/ux_host_class_pima_read.c), there is data length from device response, returned in the ve
nvd