Eclipse USBX Out-of-Bounds Read Vulnerability in Audio Streaming Descriptor Parsing

Vulnerability

A potential out-of-bounds read vulnerability has been identified in the USBX USB support module for Eclipse Foundation ThreadX, prior to version 6.4.3. The issue lies in the function '_ux_host_class_audio_streaming_sampling_get()', which parses USB audio streaming interface descriptors. The function does not properly validate the descriptor's length before reading the sampling frequency values it contains, so a descriptor that advertises more frequency entries than its length actually covers can cause a read past the end of the descriptor data. A malicious USB device can present such a descriptor to cause crashes or disclose memory contents.
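
The following is an added illustration of the check the advisory describes, not USBX code. It parses the UAC 1.0 Type I format descriptor layout (assumed from the spec: bLength at offset 0, bSamFreqType at offset 7, then 3-byte tSamFreq entries from offset 8) and refuses to read any frequency entry that bLength does not cover; the sample descriptors are constructed for the demo.

```c
#include <stdint.h>
#include <stddef.h>

/* Assumed UAC 1.0 Type I format descriptor layout (not from USBX):
 * 0 bLength, 1 bDescriptorType, 2 bDescriptorSubtype, 3 bFormatType,
 * 4 bNrChannels, 5 bSubframeSize, 6 bBitResolution, 7 bSamFreqType,
 * 8.. tSamFreq: 3-byte little-endian entries, bSamFreqType of them
 *     (or a lower/upper pair when bSamFreqType == 0). */
#define FMT_FREQ_OFFSET 8
#define FMT_FREQ_SIZE   3

/* Returns the number of frequencies copied into out[], or -1 if the
 * descriptor is malformed. The bSamFreqType count is only trusted after
 * bLength has been checked against both the buffer and the entry count. */
int parse_sampling_freqs(const uint8_t *desc, size_t avail,
                         uint32_t *out, size_t out_max)
{
    if (avail < FMT_FREQ_OFFSET) return -1;            /* header truncated */
    uint8_t bLength = desc[0];
    if (bLength > avail || bLength < FMT_FREQ_OFFSET) return -1;
    uint8_t n = desc[7];
    size_t entries = (n == 0) ? 2 : n;                 /* 0 = continuous range */
    /* The hardening step: every 3-byte entry must lie inside bLength. */
    if ((size_t)bLength < FMT_FREQ_OFFSET + entries * FMT_FREQ_SIZE) return -1;
    if (entries > out_max) return -1;
    for (size_t i = 0; i < entries; i++) {
        const uint8_t *p = desc + FMT_FREQ_OFFSET + i * FMT_FREQ_SIZE;
        out[i] = (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16);
    }
    return (int)entries;
}

/* Constructed sample: well-formed, bLength 14 = 8 + 2 entries of 3 bytes. */
static const uint8_t good_desc[] = {
    0x0E, 0x24, 0x02, 0x01, 0x02, 0x02, 0x10, 0x02,
    0x44, 0xAC, 0x00,   /* 44100 Hz */
    0x80, 0xBB, 0x00    /* 48000 Hz */
};
/* Constructed sample: bSamFreqType claims 4 entries, bLength covers only 2. */
static const uint8_t bad_desc[] = {
    0x0E, 0x24, 0x02, 0x01, 0x02, 0x02, 0x10, 0x04,
    0x44, 0xAC, 0x00, 0x80, 0xBB, 0x00
};

int demo_good(void)      { uint32_t f[4]; return parse_sampling_freqs(good_desc, sizeof good_desc, f, 4); }
int demo_bad(void)       { uint32_t f[4]; return parse_sampling_freqs(bad_desc, sizeof bad_desc, f, 4); }
int demo_truncated(void) { uint32_t f[4]; return parse_sampling_freqs(good_desc, 10, f, 4); }
uint32_t demo_good_rate(size_t i) { uint32_t f[4] = {0}; parse_sampling_freqs(good_desc, sizeof good_desc, f, 4); return f[i]; }
```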

Impact

Exploitation of this vulnerability could result in crashes or unintended memory disclosure.

Remediation

Users can upgrade to USBX version 6.4.3 or later to address this vulnerability.

Added: Oct 17, 2025, 6:18 AM
Updated: Oct 17, 2025, 6:18 AM

Vulnerability Rating (Custom Algorithm)

spread: 0.0
impact: 0.6
exploitability: 4.6
remediation: 7.7
relevance: 0.7
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.