The Azure RTOS USBX implementation of host support for uploading and downloading files, including code and data, via FTDI and UART may potentially be exploited to achieve remote code execution or denial of service (infinite recursive loop, buffer overflow).

The `_ux_host_class_ftdi_write_mode_get` function contains a buffer overflow. This may allow one to achieve remote code execution or denial of service via the `ftdi_write_mode` command. The fix has been included in USBX release [6.1.12](https://github.com/azure-rtos/usbx/releases/tag/v6.1.12_rel).

A buffer overflow in the `_ux_host_class_uart_tx_data_length_get` function may allow one to achieve denial of service via the `uart_tx_data_length` command. The fix has been included in USBX release [6.1.12](https://github.com/azure-rtos/usbx/releases/tag/v6.1.12_rel).

Azure RTOS USBX implementation of host support for communicating over wireless networks

The Azure RTOS USBX implementation of host support for communicating over wireless networks via the `_ux_host_class_wifi_bss_info_get` function may potentially be exploited to achieve remote code execution via the `wifi_bss_info_get` command. The fix has been included in USBX release [6.1.12](https://github.com/azure-rtos/usbx/releases/tag/v6.1.12_rel).

MS Windows USBX implementation of host support for Microsoft Windows via FTDI and UART may potentially be exploited to achieve remote code execution or denial of service (infinite recursive loop, buffer overflow). The `_ux_host_class_ftdi_write_mode_get` function contains a buffer overflow. This may allow one to achieve remote code execution or denial of service via the `ftdi_write_mode` command. The fix has been included in USBX release [6.1.12](https://github.com/azure-rtos/usbx/releases/tag/v6.1.12_rel). A buffer overflow in the `__u8__u8__u16__u16__u32__f32__f64__f64__f128()` function may allow one to achieve denial of service via the `malloc()` command. The fix has been included in USBX release [6.1.12](https://github.com/azure-rtos/usbx/releases/tag/v6.1.12_rel).

Timeline

Published on: 10/10/2022 21:15:00 UTC
Last modified on: 10/12/2022 18:17:00 UTC
