PT-2022-19494 · Microsoft · Azure Rtos Usbx
Szymonh · Published 2022-05-24 · Updated 2025-10-27 · CVE-2022-29246
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Azure RTOS USBX versions prior to 6.1.11
Description
The issue concerns a buffer overflow in the USBX DFU UPLOAD functionality, which can be exploited to overwrite memory contents, bypass security features, or execute arbitrary code. This occurs when the ux_device_class_dfu_control_request function fails to prevent a buffer overflow during the handling of the DFU UPLOAD command. Specifically, when an attacker sends the UX_SLAVE_CLASS_DFU_COMMAND_UPLOAD control transfer request with a wLength larger than the buffer size (UX_SLAVE_REQUEST_CONTROL_MAX_LENGTH, 256 bytes), a buffer overflow may happen, especially if dfu -> ux_slave_class_dfu_read reads more data than the buffer can hold. This could lead to platform compromise if the attacker has control over the flash memory being read.
Recommendations
For Azure RTOS USBX versions prior to 6.1.11, update to version 6.1.11 to resolve the issue.
As a temporary workaround, align the request and buffer size to ensure that buffer boundaries are respected, preventing potential overflows.
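The boundary check described in the workaround, as an added example that is not USBX source code and not taken from the advisory: a simplified C model in which wLength from the SETUP packet is compared with the 256-byte control buffer before the read callback runs. The names dfu_upload_checked, flash_read, control_ep and guard_intact_after, the sample flash contents, and the choice to stall oversized requests are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Simplified model, not USBX code. Only the 256-byte size comes from the advisory. */
#define CONTROL_BUF_LEN 256u   /* mirrors UX_SLAVE_REQUEST_CONTROL_MAX_LENGTH */
#define GUARD_LEN       16u
#define DFU_OK          0
#define DFU_STALL       1

static uint8_t flash_image[1024];   /* constructed sample firmware image */

/* Hypothetical read callback: copies as many bytes as it is asked for. */
static uint32_t flash_read(uint32_t block, uint8_t *dst, uint32_t length)
{
    uint32_t off = block * CONTROL_BUF_LEN;
    if (off >= sizeof flash_image) return 0;
    if (length > sizeof flash_image - off) length = (uint32_t)(sizeof flash_image - off);
    memcpy(dst, flash_image + off, length);
    return length;
}

/* Control buffer followed by guard bytes that stand in for adjacent memory. */
struct control_ep { uint8_t data[CONTROL_BUF_LEN]; uint8_t guard[GUARD_LEN]; };

/* UPLOAD handling with the missing check: validate wLength before the callback. */
int dfu_upload_checked(struct control_ep *ep, uint16_t wValue,
                       uint16_t wLength, uint32_t *actual)
{
    *actual = 0;
    if (wLength > CONTROL_BUF_LEN)
        return DFU_STALL;            /* request exceeds the buffer: refuse it */
    *actual = flash_read(wValue, ep->data, wLength);
    return DFU_OK;
}

/* Serve one request and report whether the bytes after the buffer survived. */
int guard_intact_after(uint16_t wLength, int *status, uint32_t *actual)
{
    struct control_ep ep;
    memset(flash_image, 0x5A, sizeof flash_image);
    memset(&ep, 0xA5, sizeof ep);
    *status = dfu_upload_checked(&ep, 0, wLength, actual);
    for (size_t i = 0; i < GUARD_LEN; i++)
        if (ep.guard[i] != 0xA5) return 0;
    return 1;
}
```

Without the wLength comparison, the 257-byte and 0xFFFF-byte requests would let the callback write past data into the guard region.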
Exploit
Fix
Buffer Overflow
Weakness Enumeration
Related Identifiers
Affected Products
Azure Rtos Usbx