CVE-2024-24254 Information

Description

PX4 Autopilot 1.14 and earlier due to the lack of synchronization mechanism for loading geofence data has a Race Condition vulnerability in the geofence.cpp and mission_feasibility_checker.cpp. This will result in the drone uploading overlapping geofences and mission routes.

Reference

https://github.com/Drone-Lab/PX4-Autopilot/blob/report-can-not-pause-vulnerability/Multi-Threaded%20Race%20Condition%20bug%20found%20in%20PX4%20cause%20drone%20can%20not%20PAUSE.md https://github.com/PX4/PX4-Autopilot