USBX Host CDC ECM integer underflow with buffer overflow
CVE-2022-36063

7.6HIGH

Key Information:

Vendor: Azure-rtos
Status: Usbx
Vendor: CVE Published:; 10 October 2022

What is CVE-2022-36063?

Azure RTOS USBx is a USB host, device, and on-the-go (OTG) embedded stack, fully integrated with Azure RTOS ThreadX and available for all Azure RTOS ThreadX–supported processors. Azure RTOS USBX implementation of host support for USB CDC ECM includes an integer underflow and a buffer overflow in the _ux_host_class_cdc_ecm_mac_address_get function which may be potentially exploited to achieve remote code execution or denial of service. Setting mac address string descriptor length to a 0 or 1 allows an attacker to introduce an integer underflow followed (string_length) by a buffer overflow of the cdc_ecm -> ux_host_class_cdc_ecm_node_id array. This may allow one to redirect the code execution flow or introduce a denial of service. The fix has been included in USBX release 6.1.12. Improved mac address string descriptor length validation to check for unexpectedly small values may be used as a workaround.

Affected Version(s)

usbx < 6.1.12

References

https://github.com/azure-rtos/usbx/security/advisories/GH...

https://github.com/azure-rtos/usbx/blob/master/common/usb...

https://github.com/azure-rtos/usbx/releases/tag/v6.1.12_rel

CVSS V3.1

Score:

7.6

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 10, 2022
Vulnerability Reserved
Jul 15, 2022

Azure-rtos

What is CVE-2022-36063?

Affected Version(s)

References

CVSS V3.1

Timeline