PT-2023-30903 · Microsoft · Azure Rtos Usbx

Published 2023-12-04 · Updated 2025-10-27 · CVE-2023-48694

CVSS v3.1: 6.8 (Medium)
Vector: AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Azure RTOS USBX versions prior to 6.3.0

Description: Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded stack, fully integrated with Azure RTOS ThreadX. An attacker can achieve remote code execution through expired pointer dereference and type confusion vulnerabilities in Azure RTOS USBX. The affected components include functions and processes in the host stack and host classes related to device-linked classes: ASIX, Prolific, SWAR, audio, and CDC ECM.

Recommendations: For Azure RTOS USBX versions prior to 6.3.0, upgrade to USBX release 6.3.0 to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable components (functions and processes in the host stack and host classes) until the upgrade is applied.

Tags: Exploit · Fix · RCE · Type Confusion

Related Identifiers

CVE-2023-48694
GHSA-QJW8-7W86-44QJ

Affected Products

Azure Rtos Usbx