CVE-2022-29223 Information

Jun 07, 2022 cve

Description

Azure RTOS USBX is a USB host device and on-the-go (OTG) embedded stack. In versions prior to 6.1.10 an attacker can cause a buffer overflow by providing the Azure RTOS USBX host stack a HUB descriptor with bNbPorts set to a value greater than UX_MAX_TT which defaults to 8. For a bNbPorts value of 255 the implementation of ux_host_class_hub_descriptor_get function will modify the contents of hub -> ux_host_class_hub_device -> ux_device_hub_tt array violating the end boundary by 255 - UX_MAX_TT items. The USB host stack needs to validate the number of ports reported by the hub and if the value is larger than UX_MAX_TT USB stack needs to reject the request. This fix has been included in USBX release 6.1.10.

Reference

https://github.com/azure-rtos/usbx/security/advisories/GHSA-2qc5-385m-x862 https://github.com/azure-rtos/usbx/releases/tag/v6.1.10_rel

Share on: