Rt Thread
Monthly
A vulnerability, which was classified as critical, was found in RT-Thread up to 5.1.0. This affects the function sys_device_open/sys_device_read/sys_device_control/sys_device_init/sys_device_close/sys_device_write of the file components/drivers/core/device.c. The manipulation leads to memory corruption. It is possible to launch the attack on the local host. The vendor was contacted early about this disclosure but did not respond in any way.
Critical memory corruption vulnerability in RT-Thread 5.1.0's sys_recvfrom syscall handler that allows authenticated local attackers to corrupt kernel memory through improper argument validation. An attacker with local access and limited privileges can exploit this to achieve arbitrary code execution or denial of service, potentially compromising the entire embedded system running RT-Thread.
Critical array index validation vulnerability in RT-Thread 5.1.0's signal mask syscall handler that allows authenticated local attackers to read and modify kernel memory with high impact. The vulnerability exists in the sys_thread_sigprocmask function where improper validation of the 'how' parameter enables out-of-bounds array access, potentially leading to privilege escalation or denial of service. This is an actively exploitable vulnerability requiring local access and low privileges with no user interaction needed.
Critical null pointer dereference vulnerability in RT-Thread 5.1.0's lwp_syscall.c csys_sendto function, allowing authenticated local attackers to cause denial of service and potentially achieve code execution with high integrity impact. The vulnerability requires local access and valid credentials but exploits a memory safety flaw in a core system call handler that could be leveraged for privilege escalation or system instability in embedded/IoT deployments running RT-Thread.
A security vulnerability in A vulnerability classified as critical (CVSS 8.0). Risk factors: public PoC available.
Critical memory corruption vulnerability in RT-Thread 5.1.0's sys_select syscall handler that allows authenticated local attackers to corrupt kernel memory by manipulating the timeout parameter. The vulnerability affects the lwp (lightweight process) component and has a CVSS score of 8.0 with potential for code execution, information disclosure, and denial of service. No public exploit code or active in-the-wild exploitation has been confirmed at this time, but the critical severity rating and memory corruption nature warrant immediate patching.
A vulnerability classified as problematic was found in RT-Thread up to 5.1.0. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability, which was classified as critical, was found in RT-Thread up to 5.1.0. This affects the function sys_device_open/sys_device_read/sys_device_control/sys_device_init/sys_device_close/sys_device_write of the file components/drivers/core/device.c. The manipulation leads to memory corruption. It is possible to launch the attack on the local host. The vendor was contacted early about this disclosure but did not respond in any way.
Critical memory corruption vulnerability in RT-Thread 5.1.0's sys_recvfrom syscall handler that allows authenticated local attackers to corrupt kernel memory through improper argument validation. An attacker with local access and limited privileges can exploit this to achieve arbitrary code execution or denial of service, potentially compromising the entire embedded system running RT-Thread.
Critical array index validation vulnerability in RT-Thread 5.1.0's signal mask syscall handler that allows authenticated local attackers to read and modify kernel memory with high impact. The vulnerability exists in the sys_thread_sigprocmask function where improper validation of the 'how' parameter enables out-of-bounds array access, potentially leading to privilege escalation or denial of service. This is an actively exploitable vulnerability requiring local access and low privileges with no user interaction needed.
Critical null pointer dereference vulnerability in RT-Thread 5.1.0's lwp_syscall.c csys_sendto function, allowing authenticated local attackers to cause denial of service and potentially achieve code execution with high integrity impact. The vulnerability requires local access and valid credentials but exploits a memory safety flaw in a core system call handler that could be leveraged for privilege escalation or system instability in embedded/IoT deployments running RT-Thread.
A security vulnerability in A vulnerability classified as critical (CVSS 8.0). Risk factors: public PoC available.
Critical memory corruption vulnerability in RT-Thread 5.1.0's sys_select syscall handler that allows authenticated local attackers to corrupt kernel memory by manipulating the timeout parameter. The vulnerability affects the lwp (lightweight process) component and has a CVSS score of 8.0 with potential for code execution, information disclosure, and denial of service. No public exploit code or active in-the-wild exploitation has been confirmed at this time, but the critical severity rating and memory corruption nature warrant immediate patching.
A vulnerability classified as problematic was found in RT-Thread up to 5.1.0. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.