What is CVE-2022-39344?

CVE-2022-39344 is a vulnerability in Azure RTOS USBX that allows for a buffer overflow, leading to memory corruption.

How does CVE-2022-39344 affect Azure RTOS USBX?

CVE-2022-39344 affects Azure RTOS USBX versions prior to 6.1.12, allowing for buffer overflow and memory content overwrite through the USB DFU UPLOAD functionality.

What is the severity of CVE-2022-39344?

CVE-2022-39344 has a severity rating of 9.8 (Critical).

What is USB DFU UPLOAD in Azure RTOS USBX?

USB DFU UPLOAD is a functionality in Azure RTOS USBX that allows for firmware updates over USB.

How can I mitigate CVE-2022-39344 in Azure RTOS USBX?

To mitigate CVE-2022-39344, users should update Azure RTOS USBX to version 6.1.12 or later, which resolves the buffer overflow vulnerability.

Vulnerability/
CVE-2022-39344

critical

9.8

CWE

120 119

4/11/2022

3/8/2024

CVE-2022-39344: Azure RTOS USBX vulnerable to buffer overflow

First published: Fri Nov 04 2022(Updated: )

Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded stack, that is fully integrated with Azure RTOS ThreadX. Prior to version 6.1.12, the USB DFU UPLOAD functionality may be utilized to introduce a buffer overflow resulting in overwrite of memory contents. In particular cases this may allow an attacker to bypass security features or execute arbitrary code. The implementation of `ux_device_class_dfu_control_request` function prevents buffer overflow during handling of DFU UPLOAD command when current state is `UX_SYSTEM_DFU_STATE_DFU_IDLE`. This issue has been patched, please upgrade to version 6.1.12. As a workaround, add the `UPLOAD_LENGTH` check in all possible states.

Credit: security-advisories@github.com

Affected Software	Affected Version	How to fix
Microsoft Azure Rtos Usbx	<6.1.12

Never miss a vulnerability like this again

Reference Links

https://github.com/azure-rtos/usbx/security/advisories/GHSA-m9p8-xrp7-vvqp

Frequently Asked Questions

What is CVE-2022-39344?
CVE-2022-39344 is a vulnerability in Azure RTOS USBX that allows for a buffer overflow, leading to memory corruption.
How does CVE-2022-39344 affect Azure RTOS USBX?
CVE-2022-39344 affects Azure RTOS USBX versions prior to 6.1.12, allowing for buffer overflow and memory content overwrite through the USB DFU UPLOAD functionality.
What is the severity of CVE-2022-39344?
CVE-2022-39344 has a severity rating of 9.8 (Critical).
What is USB DFU UPLOAD in Azure RTOS USBX?
USB DFU UPLOAD is a functionality in Azure RTOS USBX that allows for firmware updates over USB.
How can I mitigate CVE-2022-39344 in Azure RTOS USBX?
To mitigate CVE-2022-39344, users should update Azure RTOS USBX to version 6.1.12 or later, which resolves the buffer overflow vulnerability.

collector/nvd-index
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/weakness
agent/last-modified-date
agent/author
agent/references
agent/title
agent/severity
agent/tags
agent/description
agent/first-publish-date
agent/event
vendor/microsoft
canonical/microsoft azure rtos usbx

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.