PT-2024-19216 · Eclipse · Eclipse ThreadX

0Xdea +1 · Published 2024-03-26 · Updated 2025-02-11 · CVE-2024-2212

CVSS v3.1: 7.8 High

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Eclipse ThreadX versions prior to 6.4.0

Description

The issue arises from missing parameter checks in the xQueueCreate() and xQueueCreateSet() functions from the FreeRTOS compatibility API. This could lead to integer wraparound, under-allocations, and heap buffer overflows.

Recommendations

For Eclipse ThreadX versions prior to 6.4.0, update to version 6.4.0 or later to resolve the issue. As a temporary workaround, consider disabling the xQueueCreate() and xQueueCreateSet() functions until a patch is available. Restrict access to the FreeRTOS compatibility API to minimize the risk of exploitation.
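
The wraparound and under-allocation named in the description, shown on a hypothetical queue constructor with the parameter check that prevents it. This is an added example, not ThreadX code or the actual fix: `demo_queue_t`, `unchecked_bytes`, `checked_bytes` and `demo_queue_create` are invented names, and 32-bit size arithmetic is assumed.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical queue control block (not the ThreadX structure). */
typedef struct {
    uint32_t length;     /* number of slots */
    uint32_t item_size;  /* bytes per slot */
    uint8_t *storage;    /* length * item_size bytes */
} demo_queue_t;

/* Unchecked size: the 32-bit multiply silently wraps modulo 2^32. */
static uint32_t unchecked_bytes(uint32_t length, uint32_t item_size)
{
    return length * item_size;
}

/* Checked size: returns 0 and writes *out, or -1 if the parameters are
 * unusable. Rejecting zero values is this demo's policy (assumption). */
static int checked_bytes(uint32_t length, uint32_t item_size, uint32_t *out)
{
    if (length == 0 || item_size == 0) return -1;
    if (length > UINT32_MAX / item_size) return -1;  /* would wrap */
    *out = length * item_size;
    return 0;
}

/* Allocate a queue only when the storage size is representable. */
demo_queue_t *demo_queue_create(uint32_t length, uint32_t item_size)
{
    uint32_t bytes;
    if (checked_bytes(length, item_size, &bytes) != 0) return NULL;
    demo_queue_t *q = malloc(sizeof *q);
    if (q == NULL) return NULL;
    q->storage = malloc(bytes);
    if (q->storage == NULL) { free(q); return NULL; }
    q->length = length;
    q->item_size = item_size;
    return q;
}

int main(void)
{
    /* Constructed input: 0x10000001 slots of 16 bytes wraps to 16 bytes,
     * so an unchecked allocator would back the whole queue with one slot. */
    uint32_t len = 0x10000001u, size = 16u;
    printf("unchecked size: %u bytes\n", (unsigned)unchecked_bytes(len, size));
    printf("checked create: %s\n",
           demo_queue_create(len, size) ? "allocated" : "rejected");
    return 0;
}
```
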

Fix

Memory Corruption

Integer Overflow

Heap Based Buffer Overflow

Weakness Enumeration

Related Identifiers

CVE-2024-2212
GHSA-V9JJ-7QJG-H6G6

Affected Products

Eclipse ThreadX