CVE-2024-2212 Information

Description

In Eclipse ThreadX before 6.4.0, the xQueueCreate() and xQueueCreateSet() functions from the FreeRTOS compatibility API (utility/rtos_compatibility_layers/FreeRTOS/tx_freertos.c) were missing parameter checks. This could lead to integer wraparound under-allocations and heap buffer overflows.
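The class of parameter check described above, as an added example that is not ThreadX code: it assumes a queue's storage size is computed as length times item size in 32-bit arithmetic, and every `demo_` name is hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical queue record for illustration; not the ThreadX structure. */
typedef struct { uint8_t *storage; uint32_t length, item_size; } demo_queue_t;

/* Unchecked size: the product wraps modulo 2^32, so a huge request can
   yield a small byte count (the under-allocation case). */
uint32_t demo_unchecked_size(uint32_t length, uint32_t item_size)
{
    return length * item_size;
}

/* Checked size: rejects zero arguments and any product that would wrap.
   Returns 0 and writes *out on success, -1 otherwise. */
int demo_checked_size(uint32_t length, uint32_t item_size, uint32_t *out)
{
    if (length == 0u || item_size == 0u)
        return -1;
    if (length > UINT32_MAX / item_size)
        return -1;
    *out = length * item_size;
    return 0;
}

/* Creation path that validates parameters before touching the heap. */
demo_queue_t *demo_queue_create(uint32_t length, uint32_t item_size)
{
    uint32_t bytes;
    demo_queue_t *q;

    if (demo_checked_size(length, item_size, &bytes) != 0)
        return NULL;
    if ((q = malloc(sizeof(*q))) == NULL)
        return NULL;
    if ((q->storage = malloc(bytes)) == NULL) { free(q); return NULL; }
    q->length = length;
    q->item_size = item_size;
    return q;
}

int main(void)
{
    /* Constructed input: 0x10000 items of 0x10001 bytes wraps to 0x10000. */
    printf("unchecked: %u bytes\n", (unsigned)demo_unchecked_size(0x10000u, 0x10001u));
    printf("checked create: %s\n", demo_queue_create(0x10000u, 0x10001u) ? "allocated" : "rejected");
    return 0;
}
```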

Reference

https://github.com/eclipse-threadx/threadx/security/advisories/GHSA-v9jj-7qjg-h6g6
