Zephyr Saxon

Name of the Vulnerable Software and Affected Versions: RT-Thread versions up to 5.1.0 Description: A critical vulnerability was found in RT-Thread, affecting the functions `sys device open`, `sys device read`, `sys device control`, `sys device init`, `sys device close`, and `sys device write` of the file `components/drivers/core/device.c`. This vulnerability leads to memory corruption and can be exploited locally. The vendor was contacted about this issue but did not respond. Recommendations: For RT-Thread versions up to 5.1.0, as a temporary workaround, consider disabling the affected functions `sys device open`, `sys device read`, `sys device control`, `sys device init`, `sys device close`, and `sys device write` until a patch is available. Restrict access to the vulnerable file `components/drivers/core/device.c` to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** RT-Thread version 5.1.0 **Description** A critical vulnerability has been found in the sys sigprocmask function of the file rt-thread/components/lwp/lwp syscall.c. The manipulation of the `how` argument leads to improper validation of array index. **Recommendations** For RT-Thread version 5.1.0, consider disabling the sys sigprocmask function until a patch is available to prevent exploitation of the `how` argument. Restrict access to the lwp syscall.c file to minimize the risk of improper array index validation. Avoid using the `how` argument in the sys sigprocmask function until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** RT-Thread version 5.1.0 **Description** A critical vulnerability was found in the `csys sendto` function of the file `rt-thread/components/lwp/lwp syscall.c`. The manipulation of the argument `to` leads to null pointer dereference. This issue can cause a null pointer dereference when exploited. **Recommendations** For RT-Thread version 5.1.0, consider disabling the `csys sendto` function as a temporary workaround until a patch is available. Restrict access to the `lwp syscall.c` file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** RT-Thread version 5.1.0 **Description** A critical issue affects the `sys select` function of the Parameter Handler component in the file `rt-thread/components/lwp/lwp syscall.c`. The manipulation of the `timeout` argument leads to memory corruption. The vendor advises checking the `timeout` parameter to ensure it can be accessed correctly in kernel mode and used temporarily in kernel memory. **Recommendations** For RT-Thread version 5.1.0, as a temporary workaround, consider implementing checks for the `timeout` parameter to prevent memory corruption until a patch is available. Restrict access to the `sys select` function to minimize the risk of exploitation. Avoid using the `timeout` argument in the affected function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** RT-Thread version 5.1.0 **Description** A critical vulnerability was found in the function `sys recvfrom` of the file `rt-thread/components/lwp/lwp syscall.c`. The manipulation of the argument `from` leads to memory corruption. **Recommendations** For RT-Thread version 5.1.0, as a temporary workaround, consider disabling the `sys recvfrom` function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** RT-Thread version 5.1.0 **Description** A critical issue has been found in the function `sys thread sigprocmask` of the file `rt-thread/components/lwp/lwp syscall.c`. The manipulation of the argument `how` leads to improper validation of array index. **Recommendations** For RT-Thread version 5.1.0, consider disabling the `sys thread sigprocmask` function until a patch is available to prevent improper validation of array index. Restrict access to the `lwp syscall.c` file to minimize the risk of exploitation. Avoid using the argument `how` in the affected function until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** RT-Thread versions up to 5.1.0 **Description** A problematic vulnerability was found in RT-Thread. The issue affects the `sys thread create` function of the file rt-thread/components/lwp/lwp syscall.c. The manipulation of the argument `arg[0]` leads to information disclosure. An attack has to be approached locally. **Recommendations** For RT-Thread versions up to 5.1.0, consider disabling the `sys thread create` function until a patch is available to prevent information disclosure. Restrict access to the file rt-thread/components/lwp/lwp syscall.c to minimize the risk of exploitation. Avoid using the argument `arg[0]` in the affected function until the issue is resolved.