PT-2025-42589 · Eclipse Foundation · Usbx
Published
2025-10-17
·
Updated
2025-10-17
·
CVE-2025-55099
CVSS v3.1
6.1
Medium
| Vector | AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
USBX versions prior to 6.4.3
Description
The USB support module for Eclipse Foundation ThreadX contains a potential out-of-bounds read issue within the
ux host class audio alternate setting locate() function. This occurs when parsing a descriptor containing attacker-controlled frequency fields.Recommendations
Update to version 6.4.3 or later.
Fix
Out of bounds Read
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Usbx