PT-2022-24875 · Microsoft · Azure RTOS USBX

Szymonh

·

Published

2022-10-13

·

Updated

2025-10-27

·

CVE-2022-39293

CVSS v3.1

8.6

High

Vector AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

Name of the Vulnerable Software and Affected Versions: Azure RTOS USBX versions prior to 6.1.12

Description: The issue arises in the ux_host_class_pima_read function of Azure RTOS USBX, which reads the data length field (header_length) from a device response and uses it in length calculations without validating it. The header length is compared against, and then reduced by, UX_HOST_CLASS_PIMA_DATA_HEADER_SIZE; if header_length is smaller than UX_HOST_CLASS_PIMA_DATA_HEADER_SIZE, the unsigned subtraction underflows (wraps around) to a very large remaining length. That wrapped length drives the while loop that copies the response data and advances the data pointer, so the function keeps writing past the end of the destination buffer (a write buffer overflow). Because the length is supplied by the device, a crafted response is enough to trigger it. The estimated number of potentially affected devices is not provided.

Recommendations: For Azure RTOS USBX versions prior to 6.1.12, update to version 6.1.12 or later, which contains the fix. As a temporary workaround, add a check in ux_host_class_pima_read that rejects the response unless header_length is greater than UX_HOST_CLASS_PIMA_DATA_HEADER_SIZE and greater than or equal to the number of bytes actually returned by the transfer (transfer_request -> ux_transfer_request_actual_length).
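The following is an added, self-contained C model of the length handling described above and of the recommended workaround; it is not USBX's code and was not written by the advisory's author or by Microsoft. The names PIMA_DATA_HEADER_SIZE (12, standing in for UX_HOST_CLASS_PIMA_DATA_HEADER_SIZE), build_container, pima_header_length_ok, pima_read and run_scenario are this example's own, the 12-byte container layout is the standard PTP header (length, type, code, transaction id), and the extra caller-buffer bound in the checked path is the model's own addition on top of the advisory's two conditions. The copy loop is instrumented: instead of actually writing past the caller's buffer, it stops at the buffer end and records how many bytes the trusting code would have written beyond it.

```c
#include <stdint.h>
#include <string.h>
#include <stdio.h>

/* Assumed PTP/PIMA container header: u32 length, u16 type, u16 code, u32 transaction id.
   This 12-byte constant stands in for USBX's UX_HOST_CLASS_PIMA_DATA_HEADER_SIZE. */
#define PIMA_DATA_HEADER_SIZE 12u

enum { PIMA_OK = 0, PIMA_BAD_HEADER = 1, PIMA_TOO_LARGE = 2, PIMA_OVERFLOW = 3 };

struct pima_read_result {
    int      status;
    uint32_t data_length;  /* length derived from the header; wrapped if the subtraction underflowed */
    uint32_t copied;       /* bytes placed in the caller's buffer */
    uint32_t overrun;      /* bytes the unchecked loop would have written past that buffer */
};

static uint32_t le32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

static void put_le32(uint8_t *p, uint32_t v) {
    p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}

/* Build one data-phase container with a chosen length field (constructed test input). */
uint32_t build_container(uint8_t *buf, uint32_t header_length, const uint8_t *data, uint32_t n) {
    put_le32(buf, header_length);
    buf[4] = 2; buf[5] = 0;            /* type: data block */
    buf[6] = 0x09; buf[7] = 0x10;      /* code: GetObject */
    put_le32(buf + 8, 1);              /* transaction id */
    memcpy(buf + PIMA_DATA_HEADER_SIZE, data, n);
    return PIMA_DATA_HEADER_SIZE + n;
}

/* The advisory's workaround: the header's length must exceed the header itself and
   must not be smaller than what the transfer actually returned. */
int pima_header_length_ok(uint32_t header_length, uint32_t actual_length) {
    return header_length > PIMA_DATA_HEADER_SIZE && header_length >= actual_length;
}

/* Model of the host-side read: payload/actual_length is the first bulk-in transfer,
   out/out_cap the caller's buffer. checked == 0 trusts the header as the pre-6.1.12 code
   did; checked == 1 applies the workaround plus this model's own caller-buffer bound. */
struct pima_read_result pima_read(const uint8_t *payload, uint32_t actual_length,
                                  uint8_t *out, uint32_t out_cap, int checked)
{
    struct pima_read_result r = { PIMA_OK, 0, 0, 0 };
    if (actual_length <= PIMA_DATA_HEADER_SIZE) { r.status = PIMA_BAD_HEADER; return r; } /* model needs >= 1 data byte */

    uint32_t header_length = le32(payload);
    if (checked && !pima_header_length_ok(header_length, actual_length)) { r.status = PIMA_BAD_HEADER; return r; }

    /* Unsigned subtraction: for header_length < 12 this wraps to a value near 2^32. */
    r.data_length = header_length - PIMA_DATA_HEADER_SIZE;

    if (checked && r.data_length > out_cap) { r.status = PIMA_TOO_LARGE; return r; } /* model's own bound */

    const uint8_t *src = payload + PIMA_DATA_HEADER_SIZE;
    uint32_t in_this_packet = actual_length - PIMA_DATA_HEADER_SIZE;
    uint32_t remaining = r.data_length;
    uint8_t *dst = out;

    /* Chunked copy driven by `remaining`: the real loop keeps requesting packets and
       advancing the data pointer until it reaches zero. Rather than writing past `out`,
       the model stops at the buffer end and records what would have been written beyond it. */
    while (remaining != 0) {
        uint32_t room = out_cap - (uint32_t)(dst - out);
        if (remaining > room) {
            uint32_t n = in_this_packet < room ? in_this_packet : room;
            memcpy(dst, src, n);
            r.copied += n;
            r.overrun = remaining - room;
            r.status = PIMA_OVERFLOW;
            return r;
        }
        uint32_t n = remaining < in_this_packet ? remaining : in_this_packet;
        memcpy(dst, src, n);
        dst += n; r.copied += n; remaining -= n;   /* the model reuses the same packet bytes */
    }
    return r;
}

/* Scenario helper: one 16-byte transfer (12-byte header + "ABCD") whose length field is
   chosen by the caller, read into a 32-byte buffer. */
struct pima_read_result run_scenario(uint32_t header_length, int checked) {
    uint8_t pkt[64], out[32];
    const uint8_t data[4] = { 'A', 'B', 'C', 'D' };
    uint32_t len = build_container(pkt, header_length, data, 4);
    return pima_read(pkt, len, out, sizeof out, checked);
}

int main(void) {
    struct pima_read_result ok   = run_scenario(16, 0);  /* honest device: 12 + 4 bytes */
    struct pima_read_result vuln = run_scenario(8, 0);   /* length field below the header size */
    struct pima_read_result hard = run_scenario(8, 1);
    printf("honest:    status=%d data_length=%u copied=%u\n", ok.status, ok.data_length, ok.copied);
    printf("unchecked: status=%d data_length=%u overrun=%u\n", vuln.status, vuln.data_length, vuln.overrun);
    printf("checked:   status=%d\n", hard.status);
    return 0;
}
```

Run with a length field of 8 and the checked flag off, data_length wraps to 4294967292 and the loop would have run about 4 GiB past a 32-byte buffer; with the flag on the same response is rejected before any copy. A length field of 14 against a 16-byte transfer shows why the second condition matters: the trusting path silently copies 2 bytes, the checked path rejects the inconsistent header.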

Weakness Enumeration

Integer Underflow (CWE-191)
Related Identifiers

CVE-2022-39293
GHSA-GG76-H537-XQ48

Affected Products

Azure RTOS USBX