CVE-2023-48698

Name of the Vulnerable Software and Affected Versions Azure RTOS USBX versions prior to 6.3.0

Description The issue is related to expired pointer dereference vulnerabilities in Azure RTOS USBX, which can lead to remote code execution. The affected components include functions and processes in the host stack and host classes, related to device linked classes, GSER, and HID. An attacker can exploit this issue due to insufficient checking of exceptional states resulting from dereferencing an expired pointer.

Recommendations For Azure RTOS USBX versions prior to 6.3.0, upgrade to release 6.3.0 to resolve the issue. As a temporary workaround, consider restricting access to the GSER and HID interfaces in the USB host until the update is applied. Avoid using the affected functions and processes in the host stack and host classes related to device linked classes until the issue is resolved.