CVE-2024-2214

Name of the Vulnerable Software and Affected Versions Eclipse ThreadX versions prior to 6.4.0

Description The issue is related to a missing array size check in the Mtxinit() function within the Xtensa port of Eclipse ThreadX, causing a memory overwrite. The affected file is ports/xtensa/xcc/src/tx clib lock.c.

Recommendations For versions prior to 6.4.0, update to version 6.4.0 or later to resolve the issue. As a temporary workaround, consider disabling the Mtxinit() function until a patch is available.