Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded stack, that is fully integrated with Azure RTOS ThreadX. An attacker can cause remote code execution due to expired pointer dereference vulnerabilities in Azure RTOS USBX. The affected components include functions/processes in host stack and host classes, related to device linked classes, GSER and HID in RTOS v6.2.1 and below. The fixes have been included in USBX release 6.3.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.
References
Link | Resource |
---|---|
https://github.com/azure-rtos/usbx/security/advisories/GHSA-grhp-f66q-x857 | Third Party Advisory |
Configurations
History
11 Dec 2023, 12:52
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:microsoft:azure_rtos_usbx:*:*:*:*:*:*:*:* | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
References | () https://github.com/azure-rtos/usbx/security/advisories/GHSA-grhp-f66q-x857 - Third Party Advisory | |
First Time |
Microsoft
Microsoft azure Rtos Usbx |
05 Dec 2023, 01:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-12-05 01:15
Updated : 2024-02-28 20:54
NVD link : CVE-2023-48698
Mitre link : CVE-2023-48698
CVE.ORG link : CVE-2023-48698
JSON object : View
Products Affected
microsoft
- azure_rtos_usbx