PT-2022-11614 · Stmicroelectronics · Stm32 Mw Usb Host
Defonceuse · Published 2022-10-21 · Updated 2025-05-07 · CVE-2021-42553
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
stm32 mw usb host versions prior to 3.5.1
Description
A buffer overflow issue allows an attacker to execute arbitrary code when the descriptor contains more endpoints than USBH_MAX_NUM_ENDPOINTS. This typically occurs when using a RTOS such as FreeRTOS on STM32 MCUs.
Recommendations
For versions prior to 3.5.1, update to version 3.5.1 or later to resolve the issue. As a temporary workaround, consider restricting the number of endpoints in the descriptor to prevent it from exceeding USBH_MAX_NUM_ENDPOINTS.
Fix
Buffer Overflow
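The class of check the description calls for, as an added example (not code from STMicroelectronics or from this advisory): a host-side parser that bounds the device-supplied endpoint count against USBH_MAX_NUM_ENDPOINTS before writing into a fixed-size array. The type names, the helper `accepted_eps`, the value 2 for the macro and the sample descriptor bytes are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define USBH_MAX_NUM_ENDPOINTS 2u /* value assumed for this example */
typedef struct { uint8_t addr; uint16_t max_packet; } ep_t;                /* hypothetical */
typedef struct { uint8_t num_ep; ep_t ep[USBH_MAX_NUM_ENDPOINTS]; } itf_t; /* hypothetical */
/* Parse the first interface and its endpoints. Returns 0, or -1 on reject. */
int parse_interface(const uint8_t *buf, size_t len, itf_t *out)
{
    size_t off = 0;
    int have_itf = 0, seen = 0;
    memset(out, 0, sizeof *out);
    while (len - off >= 2) {
        uint8_t blen = buf[off], type = buf[off + 1];
        if (blen < 2 || (size_t)blen > len - off) return -1; /* bLength leaves buf */
        if (type == 0x04) {                     /* INTERFACE descriptor */
            if (have_itf) break;                /* only the first interface */
            /* bNumEndpoints (offset 4) is device-controlled: bound it first. */
            if (blen < 9 || buf[off + 4] > USBH_MAX_NUM_ENDPOINTS) return -1;
            out->num_ep = buf[off + 4];
            have_itf = 1;
        } else if (type == 0x05 && have_itf) {  /* ENDPOINT descriptor */
            /* Bound the index by the accepted count, not by what arrives. */
            if (blen < 7 || seen >= out->num_ep) return -1;
            out->ep[seen].addr = buf[off + 2];
            out->ep[seen].max_packet = (uint16_t)(buf[off + 4] | (buf[off + 5] << 8));
            seen++;
        }
        off += blen;
    }
    return (have_itf && seen == out->num_ep) ? 0 : -1;
}

/* Constructed sample descriptors (not captured from a real device). */
static const uint8_t SAMPLE_OK[]   = { 9,4,0,0,2,0xFF,0,0,0, 7,5,0x81,2,64,0,0, 7,5,0x02,2,64,0,0 };
static const uint8_t SAMPLE_OVER[] = { 9,4,0,0,3,0xFF,0,0,0, 7,5,0x81,2,64,0,0, 7,5,0x02,2,64,0,0, 7,5,0x83,3,8,0,1 };
static const uint8_t SAMPLE_LIAR[] = { 9,4,0,0,1,0xFF,0,0,0, 7,5,0x81,2,64,0,0, 7,5,0x02,2,64,0,0 };
int accepted_eps(const uint8_t *b, size_t n) /* endpoint count, or -1 if rejected */
{
    itf_t d;
    return parse_interface(b, n, &d) == 0 ? d.num_ep : -1;
}

int main(void)
{
    printf("ok=%d over=%d liar=%d\n", accepted_eps(SAMPLE_OK, sizeof SAMPLE_OK),
           accepted_eps(SAMPLE_OVER, sizeof SAMPLE_OVER), accepted_eps(SAMPLE_LIAR, sizeof SAMPLE_LIAR));
    return 0;
}
```

SAMPLE_OVER declares three endpoints and is rejected at the interface descriptor; SAMPLE_LIAR declares one endpoint but carries two, and is rejected by the per-endpoint index check.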
Affected Products
Linuxmint
Ubuntu
Stm32 Mw Usb Host