CVE-2024-2214 - Vulnerability Details - OpenCVE

In Eclipse ThreadX before version 6.4.0, the _Mtxinit() function in the Xtensa port was missing an array size check causing a memory overwrite. The affected file was ports/xtensa/xcc/src/tx_clib_lock.c

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Eclipse	Threadx

Configuration 1 [-]

cpe:2.3:a:eclipse:threadx:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://seclists.org/fulldisclosure/2024/May/35
http://www.openwall.com/lists/oss-security/2024/05/28/1
https://github.com/eclipse-threadx/threadx/security/advisories/GHSA-vmp6-qhp9-r66x

History

Thu, 13 Feb 2025 17:45:00 +0000

Type	Values Removed	Values Added
Description	In Eclipse ThreadX before version 6.4.0, the _Mtxinit() function in the Xtensa port was missing an array size check causing a memory overwrite. The affected file was ports/xtensa/xcc/src/tx_clib_lock.c	In Eclipse ThreadX before version 6.4.0, the _Mtxinit() function in the Xtensa port was missing an array size check causing a memory overwrite. The affected file was ports/xtensa/xcc/src/tx_clib_lock.c
Title	Missing array size check in _Mtxinit() in the Xtensa port	Missing array size check in _Mtxinit() in the Xtensa port

Thu, 06 Feb 2025 18:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Eclipse Eclipse threadx
CPEs		cpe:2.3:a:eclipse:threadx::::::::
Vendors & Products		Eclipse Eclipse threadx

MITRE

Status: PUBLISHED

Assigner: eclipse

Published: 2024-03-26T15:48:36.304Z

Updated: 2025-02-13T17:33:31.114Z

Reserved: 2024-03-06T09:42:57.732Z

Link: CVE-2024-2214

Vulnrichment

Updated: 2024-08-01T19:03:39.101Z

NVD

Status : Modified

Published: 2024-03-26T16:15:13.430

Modified: 2025-02-13T18:17:52.763

Link: CVE-2024-2214

Redhat

No data.

{"dataType": "CVE_RECORD", "cveMetadata": {"cveId": "CVE-2024-2214", "assignerOrgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c", "state": "PUBLISHED", "assignerShortName": "eclipse", "dateReserved": "2024-03-06T09:42:57.732Z", "datePublished": "2024-03-26T15:48:36.304Z", "dateUpdated": "2025-02-13T17:33:31.114Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "ThreadX", "repo": "https://github.com/eclipse-threadx/threadx/", "vendor": "Eclipse Foundation", "versions": [{"lessThan": "6.4.0", "status": "affected", "version": "0", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Marco Ivaldi"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<div>In Eclipse ThreadX before version 6.4.0, the _Mtxinit() function in the \nXtensa port was missing an array size check causing a memory overwrite. \nThe affected file was ports/xtensa/xcc/src/tx_clib_lock.c<br></div>"}], "value": "In Eclipse ThreadX before version 6.4.0, the _Mtxinit() function in the \nXtensa port was missing an array size check causing a memory overwrite. \nThe affected file was ports/xtensa/xcc/src/tx_clib_lock.c"}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-129", "description": "CWE-129 Improper Validation of Array Index", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c", "shortName": "eclipse", "dateUpdated": "2024-06-10T17:13:04.543Z"}, "references": [{"url": "https://github.com/eclipse-threadx/threadx/security/advisories/GHSA-vmp6-qhp9-r66x"}, {"url": "http://seclists.org/fulldisclosure/2024/May/35"}, {"url": "http://www.openwall.com/lists/oss-security/2024/05/28/1"}], "source": {"discovery": "UNKNOWN"}, "title": "Missing array size check in _Mtxinit() in the Xtensa port", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-07-09T19:33:26.602065Z", "id": "CVE-2024-2214", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-09T19:33:35.132Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T19:03:39.101Z"}, "title": "CVE Program Container", "references": [{"url": "https://github.com/eclipse-threadx/threadx/security/advisories/GHSA-vmp6-qhp9-r66x", "tags": ["x_transferred"]}, {"url": "http://seclists.org/fulldisclosure/2024/May/35", "tags": ["x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/05/28/1", "tags": ["x_transferred"]}]}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/eclipse-threadx/threadx/security/advisories/GHSA-vmp6-qhp9-r66x", "tags": ["x_transferred"]}, {"url": "http://seclists.org/fulldisclosure/2024/May/35", "tags": ["x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/05/28/1", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T19:03:39.101Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-2214", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-07-09T19:33:26.602065Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-09T19:33:31.523Z"}}], "cna": {"title": "Missing array size check in _Mtxinit() in the Xtensa port ", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Marco Ivaldi"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"repo": "https://github.com/eclipse-threadx/threadx/", "vendor": "Eclipse Foundation", "product": "ThreadX", "versions": [{"status": "affected", "version": "0", "lessThan": "6.4.0", "versionType": "semver"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://github.com/eclipse-threadx/threadx/security/advisories/GHSA-vmp6-qhp9-r66x"}, {"url": "http://seclists.org/fulldisclosure/2024/May/35"}, {"url": "http://www.openwall.com/lists/oss-security/2024/05/28/1"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "In Eclipse ThreadX before version 6.4.0, the _Mtxinit() function in the \nXtensa port was missing an array size check causing a memory overwrite. \nThe affected file was ports/xtensa/xcc/src/tx_clib_lock.c\n\n", "supportingMedia": [{"type": "text/html", "value": "<div>In Eclipse ThreadX before version 6.4.0, the _Mtxinit() function in the \nXtensa port was missing an array size check causing a memory overwrite. \nThe affected file was ports/xtensa/xcc/src/tx_clib_lock.c<br></div>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-129", "description": "CWE-129 Improper Validation of Array Index"}]}], "providerMetadata": {"orgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c", "shortName": "eclipse", "dateUpdated": "2024-03-26T15:48:36.304Z"}}}, "cveMetadata": {"cveId": "CVE-2024-2214", "state": "PUBLISHED", "dateUpdated": "2024-08-01T19:03:39.101Z", "dateReserved": "2024-03-06T09:42:57.732Z", "assignerOrgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c", "datePublished": "2024-03-26T15:48:36.304Z", "assignerShortName": "eclipse"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:eclipse:threadx:*:*:*:*:*:*:*:*", "matchCriteriaId": "F2A0F47C-E265-4718-A894-4E5C2495B587", "versionEndExcluding": "6.4.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In Eclipse ThreadX before version 6.4.0, the _Mtxinit() function in the \nXtensa port was missing an array size check causing a memory overwrite. \nThe affected file was ports/xtensa/xcc/src/tx_clib_lock.c"}, {"lang": "es", "value": "En Eclipse ThreadX anterior a la versi\u00f3n 6.4.0, a la funci\u00f3n _Mtxinit() en el puerto Xtensa le faltaba una verificaci\u00f3n del tama\u00f1o de la matriz, lo que provocaba una sobrescritura de la memoria. El archivo afectado era ports/xtensa/xcc/src/tx_clib_lock.c"}], "id": "CVE-2024-2214", "lastModified": "2025-02-13T18:17:52.763", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.0, "impactScore": 5.9, "source": "emo@eclipse.org", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-03-26T16:15:13.430", "references": [{"source": "emo@eclipse.org", "tags": ["Mailing List"], "url": "http://seclists.org/fulldisclosure/2024/May/35"}, {"source": "emo@eclipse.org", "tags": ["Mailing List"], "url": "http://www.openwall.com/lists/oss-security/2024/05/28/1"}, {"source": "emo@eclipse.org", "tags": ["Patch", "Vendor Advisory"], "url": "https://github.com/eclipse-threadx/threadx/security/advisories/GHSA-vmp6-qhp9-r66x"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List"], "url": "http://seclists.org/fulldisclosure/2024/May/35"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List"], "url": "http://www.openwall.com/lists/oss-security/2024/05/28/1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://github.com/eclipse-threadx/threadx/security/advisories/GHSA-vmp6-qhp9-r66x"}], "sourceIdentifier": "emo@eclipse.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-129"}], "source": "emo@eclipse.org", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-129"}], "source": "nvd@nist.gov", "type": "Primary"}]}