Skip to main content

Threadx

3 CVEs product

Monthly

CVE-2026-0648 HIGH This Week

Memory corruption in ThreadX RTOS CreateCounter() function allows local attackers with user privileges to trigger hard faults or corrupt kernel memory by exhausting the counter pool, which causes an unchecked error code to be cast as a wild pointer. The vulnerability stems from incorrect error validation logic that fails to detect counter allocation failures, enabling subsequent writes to arbitrary memory addresses. No patch is currently available.

Buffer Overflow Threadx
NVD GitHub
CVSS 3.1
7.8
EPSS
0.0%
CVE-2024-2214 HIGH PATCH This Week

In Eclipse ThreadX before version 6.4.0, the _Mtxinit() function in the Xtensa port was missing an array size check causing a memory overwrite. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Threadx
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-2212 HIGH POC This Week

In Eclipse ThreadX before 6.4.0, xQueueCreate() and xQueueCreateSet() functions from the FreeRTOS compatibility API (utility/rtos_compatibility_layers/FreeRTOS/tx_freertos.c) were missing parameter. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Heap Overflow Buffer Overflow Threadx
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
EPSS 0% CVSS 7.8
HIGH This Week

Memory corruption in ThreadX RTOS CreateCounter() function allows local attackers with user privileges to trigger hard faults or corrupt kernel memory by exhausting the counter pool, which causes an unchecked error code to be cast as a wild pointer. The vulnerability stems from incorrect error validation logic that fails to detect counter allocation failures, enabling subsequent writes to arbitrary memory addresses. No patch is currently available.

Buffer Overflow Threadx
NVD GitHub
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In Eclipse ThreadX before version 6.4.0, the _Mtxinit() function in the Xtensa port was missing an array size check causing a memory overwrite. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Threadx
NVD GitHub
EPSS 1% CVSS 7.8
HIGH POC This Week

In Eclipse ThreadX before 6.4.0, xQueueCreate() and xQueueCreateSet() functions from the FreeRTOS compatibility API (utility/rtos_compatibility_layers/FreeRTOS/tx_freertos.c) were missing parameter. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Heap Overflow Buffer Overflow Threadx
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy