CVE-2024-2214

Published: Mar 26, 2024Modified: Feb 13, 2025

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

In Eclipse ThreadX before version 6.4.0, the _Mtxinit() function in the Xtensa port was missing an array size check causing a memory overwrite. The affected file was ports/xtensa/xcc/src/tx_clib_lock.c

Affected (1)

Products: Eclipse: Threadx

Eclipse

1 product

Threadx

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Eclipse Threadx	Before 6.4.0

Related CWEs

CWE-129

Improper Validation of Array Index

The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.

References (6)

http://seclists.org/fulldisclosure/2024/May/35

Source: emo@eclipse.org

Mailing List

http://www.openwall.com/lists/oss-security/2024/05/28/1

Source: emo@eclipse.org

Mailing List

https://github.com/eclipse-threadx/threadx/security/advisories/GHSA-vmp6-qhp9-r66x

Source: emo@eclipse.org

PatchVendor Advisory

http://seclists.org/fulldisclosure/2024/May/35

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing List

http://www.openwall.com/lists/oss-security/2024/05/28/1

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing List

https://github.com/eclipse-threadx/threadx/security/advisories/GHSA-vmp6-qhp9-r66x

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.