Vulnerability Description
Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded stack. In versions prior to 6.1.10, an attacker can cause a buffer overflow by providing the Azure RTOS USBX host stack a HUB descriptor with `bNbPorts` set to a value greater than `UX_MAX_TT` which defaults to 8. For a `bNbPorts` value of 255, the implementation of `ux_host_class_hub_descriptor_get` function will modify the contents of `hub` -> `ux_host_class_hub_device` -> `ux_device_hub_tt` array violating the end boundary by 255 - `UX_MAX_TT` items. The USB host stack needs to validate the number of ports reported by the hub, and if the value is larger than UX_MAX_TT, USB stack needs to reject the request. This fix has been included in USBX release 6.1.10.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Eclipse | Threadx Usbx | < 6.1.10 |
Related Weaknesses (CWE)
References
- https://github.com/azure-rtos/usbx/releases/tag/v6.1.10_relRelease NotesThird Party Advisory
- https://github.com/azure-rtos/usbx/security/advisories/GHSA-2qc5-385m-x862Release NotesThird Party Advisory
- https://github.com/azure-rtos/usbx/releases/tag/v6.1.10_relRelease NotesThird Party Advisory
- https://github.com/azure-rtos/usbx/security/advisories/GHSA-2qc5-385m-x862Release NotesThird Party Advisory
FAQ
What is CVE-2022-29223?
CVE-2022-29223 is a vulnerability with a CVSS score of 7.5 (HIGH). Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded stack. In versions prior to 6.1.10, an attacker can cause a buffer overflow by providing the Azure RTOS USBX host stack a HUB descri...
How severe is CVE-2022-29223?
CVE-2022-29223 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-29223?
Check the references section above for vendor advisories and patch information. Affected products include: Eclipse Threadx Usbx.