PT-2023-30904 · Microsoft · Azure Rtos Usbx

Rkolandaivel · Published 2023-12-04 · Updated 2025-10-27 · CVE-2023-48695

CVSS v3.1: 7.3 High

Vector: AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions

Azure RTOS USBX versions 6.2.1 and below

Description

Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded stack, fully integrated with Azure RTOS ThreadX. An attacker can cause remote code execution due to out-of-bounds write vulnerabilities in Azure RTOS USBX. The affected components include functions/processes in host and device classes, related to CDC ECM and RNDIS.

Recommendations

For Azure RTOS USBX versions 6.2.1 and below, upgrade to USBX release 6.3.0 to resolve the issue. As a temporary workaround, consider restricting access to the host and device classes, specifically those related to CDC ECM and RNDIS, until the upgrade is applied.

Exploit

Fix

RCE

Memory Corruption

Weakness Enumeration

Related Identifiers

CVE-2023-48695
GHSA-MWJ9-RPPH-V8WC

Affected Products

Azure Rtos Usbx