Eclipse USBX Unbounded Recursion Vulnerability in Extended Partition Handling
Vulnerability
A vulnerability exists in the Eclipse USBX library, in versions through 6.4.2, within the partition handling of USB mass storage devices. The issue is in the function '_ux_host_class_storage_media_mount()', which mounts partitions by recursively processing extended partition entries. Each extended partition found in the partition table triggers another level of recursion, and the depth is not bounded, so a maliciously crafted disk image with an excessively deep or cyclic chain of extended partitions can cause a stack overflow.
Impact
Exploitation of this vulnerability leads to a stack overflow, which can commonly result in arbitrary code execution or a program crash.
Reproduction
To reproduce this vulnerability, create a disk image with cyclic or excessively deep chains of extended partitions. When this image is processed by the '_ux_host_class_storage_media_mount()' function, the lack of recursion depth limits will cause the function to recurse indefinitely until a stack overflow occurs.
Remediation
Users can upgrade to USBX version 6.4.5, where this vulnerability has been patched.
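For code that parses partition tables itself, the class of fix is to walk the extended partition chain with a loop and a hard depth limit instead of recursing. The sketch below is an added example, not USBX code and not the 6.4.5 patch; the function names, the MAX_EBR_DEPTH value and the in-memory sample image are assumptions made for illustration.

```c
#include <stdint.h>
#include <string.h>
#define SECTOR 512u
#define MAX_EBR_DEPTH 16u /* assumed cap, not a USBX constant */

static uint32_t le32(const uint8_t *p) {
    return p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Iterative EBR walk. Returns the number of logical partitions, -1 for a bad or
 * out-of-range EBR, -2 when the chain exceeds MAX_EBR_DEPTH (any cycle does). */
int walk_ebr_chain(const uint8_t *disk, uint32_t nsectors, uint32_t ext_start) {
    uint32_t ebr = ext_start;
    int found = 0;
    for (uint32_t depth = 0; depth < MAX_EBR_DEPTH; depth++) {
        if (ebr >= nsectors) return -1;
        const uint8_t *s = disk + (size_t)ebr * SECTOR;
        if (s[510] != 0x55 || s[511] != 0xAA) return -1;
        if (s[446 + 4] != 0) found++;                 /* entry 0: logical partition */
        uint8_t link = s[462 + 4];                    /* entry 1: next EBR, if any */
        if (link != 0x05 && link != 0x0F) return found;
        uint32_t rel = le32(s + 462 + 8);             /* relative to ext_start */
        if (rel > UINT32_MAX - ext_start) return -1;  /* LBA would wrap */
        ebr = ext_start + rel;
    }
    return -2;
}

/* Constructed sample data: write an EBR at sector lba; when has_link is set its
 * link entry points at ext_start + next_rel. */
static void put_ebr(uint8_t *disk, uint32_t lba, uint32_t next_rel, int has_link) {
    uint8_t *s = disk + (size_t)lba * SECTOR;
    memset(s, 0, SECTOR);
    s[446 + 4] = 0x0B;
    if (has_link) {
        s[462 + 4] = 0x05;
        for (int i = 0; i < 4; i++) s[462 + 8 + i] = (uint8_t)(next_rel >> (8 * i));
    }
    s[510] = 0x55; s[511] = 0xAA;
}

/* Constructed 8-sector image with EBRs at sectors 1 -> 3 -> 5; with cyclic set
 * the last EBR links back to sector 1 instead of ending the chain. */
int demo(int cyclic) {
    static uint8_t disk[8 * SECTOR];
    put_ebr(disk, 1, 2, 1);
    put_ebr(disk, 3, 4, 1);
    put_ebr(disk, 5, 0, cyclic);
    return walk_ebr_chain(disk, 8, 1);
}
int main(void) { return (demo(0) == 3 && demo(1) == -2) ? 0 : 1; }
```

Stack use is constant regardless of what the image contains, and a chain that is too long or loops back on itself is rejected with an error instead of being followed.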
