PT-2024-20325 · Unknown · Px4-Autopilot

Published: 2024-02-06

Updated: 2024-02-15

CVE-2024-24254

CVSS v3.1: 4.2 (Medium)

Vector: AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L

Name of the Vulnerable Software and Affected Versions: PX4 Autopilot versions 1.14 and earlier

Description: The issue is due to the lack of a synchronization mechanism for loading geofence data, resulting in a Race Condition vulnerability in geofence.cpp and mission_feasibility_checker.cpp. This will cause the drone to upload overlapping geofences and mission routes.

Recommendations: For PX4 Autopilot versions 1.14 and earlier, as a temporary workaround, consider disabling the loading of geofence data until a patch is available. Restrict access to geofence.cpp and mission_feasibility_checker.cpp to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

Exploit

Fix

Race Condition

Weakness Enumeration

Related Identifiers

CVE-2024-24254

Affected Products

Px4-Autopilot