Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded stack. In versions prior to 6.1.10, an attacker can cause a buffer overflow by providing the Azure RTOS USBX host stack a HUB descriptor with `bNbPorts` set to a value greater than `UX_MAX_TT` which defaults to 8. For a `bNbPorts` value of 255, the implementation of `ux_host_class_hub_descriptor_get` function will modify the contents of `hub` -> `ux_host_class_hub_device` -> `ux_device_hub_tt` array violating the end boundary by 255 - `UX_MAX_TT` items. The USB host stack needs to validate the number of ports reported by the hub, and if the value is larger than UX_MAX_TT, USB stack needs to reject the request. This fix has been included in USBX release 6.1.10.
Published 2022-05-24 15:15:08
Updated 2022-06-07 16:42:07
Source GitHub, Inc.
View at NVD,   CVE.org
Vulnerability category: Overflow

Products affected by CVE-2022-29223

Exploit prediction scoring system (EPSS) score for CVE-2022-29223

0.30%
Probability of exploitation activity in the next 30 days EPSS Score History
~ 69 %
Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2022-29223

Base Score Base Severity CVSS Vector Exploitability Score Impact Score Score Source First Seen
7.5
HIGH AV:N/AC:L/Au:N/C:P/I:P/A:P
10.0
6.4
NIST
9.8
CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
3.9
5.9
NIST
7.5
HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
3.9
3.6
GitHub, Inc.

CWE ids for CVE-2022-29223

References for CVE-2022-29223

Jump to
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!