PT-2023-30906 · Microsoft · Azure Rtos Usbx

Published 2023-12-04 · Updated 2025-10-27 · CVE-2023-48697

CVSS v3.1: 6.4 Medium

Vector: AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Azure RTOS USBX versions 6.2.1 and below

Description

An attacker can cause remote code execution due to memory buffer and pointer vulnerabilities in Azure RTOS USBX. The affected components include functions/processes in pictbridge and host class, related to PIMA, storage, CDC ACM, ECM, audio and hub.

Recommendations

For Azure RTOS USBX versions 6.2.1 and below, upgrade to USBX release 6.3.0 to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable components, such as pictbridge and host class functions, until the upgrade is applied. Avoid using the affected functions/processes related to PIMA, storage, CDC ACM, ECM, audio and hub in RTOS until the issue is resolved.

Exploit

Fix

RCE

Memory Corruption

NULL Pointer Dereference

Weakness Enumeration

Related Identifiers

CVE-2023-48697
GHSA-P2P9-WP2Q-WJV4

Affected Products

Azure Rtos Usbx