What is CVE-2022-29246?

CVE-2022-29246 is a vulnerability in Azure RTOS USBX that allows an attacker to introduce a buffer overflow resulting in memory overwrite.

What is the severity of CVE-2022-29246?

The severity of CVE-2022-29246 is critical, with a severity value of 9.8.

How does CVE-2022-29246 affect Azure RTOS USBX?

CVE-2022-29246 affects Azure RTOS USBX prior to version 6.1.11, allowing an attacker to bypass security features and potentially gain unauthorized access.

How can I fix CVE-2022-29246?

To fix CVE-2022-29246, you should update Azure RTOS USBX to version 6.1.11 or newer.

Are there any references available for CVE-2022-29246?

Yes, you can find references for CVE-2022-29246 at the following links: [Link 1](https://github.com/azure-rtos/usbx/blob/master/common/usbx_device_classes/src/ux_device_class_dfu_control_request.c), [Link 2](https://github.com/azure-rtos/usbx/releases/tag/v6.1.11_rel), [Link 3](https://github.com/azure-rtos/usbx/security/advisories/GHSA-hh5p-x584-j8hv).

Vulnerability/
CVE-2022-29246

critical

9.8

CWE

120 119

24/5/2022

3/8/2024

CVE-2022-29246: Potential buffer overflow in function DFU upload in Azure RTOS USBX

First published: Tue May 24 2022(Updated: )

Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded stack. Prior to version 6.1.11, he USBX DFU UPLOAD functionality may be utilized to introduce a buffer overflow resulting in overwrite of memory contents. In particular cases this may allow an attacker to bypass security features or execute arbitrary code. The implementation of `ux_device_class_dfu_control_request` function does not assure that a buffer overflow will not occur during handling of the DFU UPLOAD command. When an attacker issues the `UX_SLAVE_CLASS_DFU_COMMAND_UPLOAD` control transfer request with `wLenght` larger than the buffer size (`UX_SLAVE_REQUEST_CONTROL_MAX_LENGTH`, 256 bytes), depending on the actual implementation of `dfu -> ux_slave_class_dfu_read`, a buffer overflow may occur. In example `ux_slave_class_dfu_read` may read 4096 bytes (or more up to 65k) to a 256 byte buffer ultimately resulting in an overflow. Furthermore in case an attacker has some control over the read flash memory, this may result in execution of arbitrary code and platform compromise. A fix for this issue has been included in USBX release 6.1.11. As a workaround, align request and buffer size to assure that buffer boundaries are respected.

Credit: security-advisories@github.com

Affected Software	Affected Version	How to fix
Microsoft Azure Rtos Usbx	<6.1.11

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2022-29246?
CVE-2022-29246 is a vulnerability in Azure RTOS USBX that allows an attacker to introduce a buffer overflow resulting in memory overwrite.
What is the severity of CVE-2022-29246?
The severity of CVE-2022-29246 is critical, with a severity value of 9.8.
How does CVE-2022-29246 affect Azure RTOS USBX?
CVE-2022-29246 affects Azure RTOS USBX prior to version 6.1.11, allowing an attacker to bypass security features and potentially gain unauthorized access.
How can I fix CVE-2022-29246?
To fix CVE-2022-29246, you should update Azure RTOS USBX to version 6.1.11 or newer.
Are there any references available for CVE-2022-29246?
Yes, you can find references for CVE-2022-29246 at the following links: [Link 1](https://github.com/azure-rtos/usbx/blob/master/common/usbx_device_classes/src/ux_device_class_dfu_control_request.c), [Link 2](https://github.com/azure-rtos/usbx/releases/tag/v6.1.11_rel), [Link 3](https://github.com/azure-rtos/usbx/security/advisories/GHSA-hh5p-x584-j8hv).

collector/nvd-index
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/weakness
agent/last-modified-date
agent/title
agent/severity
agent/references
agent/author
agent/tags
agent/first-publish-date
agent/description
agent/event
vendor/microsoft
canonical/microsoft azure rtos usbx