RT-Thread Memory Corruption Vulnerability in sys_select Function

Vulnerability

A critical vulnerability exists in RT-Thread version 5.1.0 within the sys_select function of the lwp_syscall component. The timeout parameter is checked only for NULL, not for whether the range it points to is valid, accessible user memory, so the kernel dereferences a user-controlled pointer without validation. Exploitation of this vulnerability could lead to memory corruption, causing kernel crashes and unauthorized access to kernel memory, with potential for privilege escalation.
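The check the advisory describes as missing, shown as an added example that is not RT-Thread's code: a syscall handler that never dereferences the user-supplied timeout pointer directly but copies the struct in through a helper that first verifies the whole range lies inside the calling task's address space, returning -EFAULT otherwise. The user-space bounds, the backing buffer standing in for user memory, the helper names and the tick rate are constructed assumptions for illustration; RT-Thread's own lwp helpers and layout are not taken from this page.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of the calling task's user address range (assumption:
 * a real kernel takes these bounds from the process's memory map). */
#define USER_BASE 0x10000UL
#define USER_SIZE 4096UL
#define USER_END  (USER_BASE + USER_SIZE)   /* exclusive */
#define TICKS_PER_SEC 100L                  /* assumed tick rate */

/* Backing store standing in for user memory: user address A maps to
 * user_mem[A - USER_BASE]. Constructed for this example only. */
static unsigned char user_mem[USER_SIZE];

struct timeval_model { long tv_sec; long tv_usec; };

/* 1 if [addr, addr+len) lies entirely inside user space and does not wrap. */
static int user_range_ok(uintptr_t addr, size_t len)
{
    if (len == 0) return 1;
    if (addr < USER_BASE) return 0;
    if (addr > UINTPTR_MAX - len) return 0;      /* arithmetic wrap-around */
    return addr + len <= USER_END;
}

/* Checked copy from user memory: validates the range before touching it. */
static int copy_from_user_checked(void *dst, uintptr_t uaddr, size_t len)
{
    if (!user_range_ok(uaddr, len)) return -EFAULT;
    memcpy(dst, user_mem + (uaddr - USER_BASE), len);
    return 0;
}

/* Test helper: place a timeval in the modelled user memory (also checked). */
int user_put_timeval(uintptr_t uaddr, long sec, long usec)
{
    struct timeval_model tv = { sec, usec };
    if (!user_range_ok(uaddr, sizeof tv)) return -EFAULT;
    memcpy(user_mem + (uaddr - USER_BASE), &tv, sizeof tv);
    return 0;
}

/* Hardened handling of select()'s timeout argument.
 * Vulnerable pattern from the advisory, for contrast (not executed here):
 *     if (timeout) tv = *timeout;   // NULL check only, raw dereference
 * Here the pointer is only ever passed to the checked copy helper.
 * Returns 0 and sets *ticks_out (-1 = block indefinitely), or -errno. */
int select_timeout_to_ticks(uintptr_t utimeout, long *ticks_out)
{
    struct timeval_model tv;
    int rc;

    if (utimeout == 0) {              /* NULL means no timeout */
        *ticks_out = -1;
        return 0;
    }
    rc = copy_from_user_checked(&tv, utimeout, sizeof tv);
    if (rc != 0) return rc;           /* -EFAULT instead of a kernel fault */

    /* Validate the contents as well: a bad struct is -EINVAL, not UB. */
    if (tv.tv_sec < 0 || tv.tv_usec < 0 || tv.tv_usec >= 1000000)
        return -EINVAL;

    *ticks_out = tv.tv_sec * TICKS_PER_SEC
               + tv.tv_usec / (1000000L / TICKS_PER_SEC);
    return 0;
}

int main(void)
{
    long t = 0;
    user_put_timeval(USER_BASE + 64, 1, 500000);
    printf("valid user pointer: rc=%d ticks=%ld\n",
           select_timeout_to_ticks(USER_BASE + 64, &t), t);
    printf("kernel address:     rc=%d\n",
           select_timeout_to_ticks(0xC0000000UL, &t));
    printf("straddles boundary: rc=%d\n",
           select_timeout_to_ticks(USER_BASE + USER_SIZE - 4, &t));
    return 0;
}
```

The two rejections that matter for this advisory are the ones a NULL check cannot catch: a pointer outside the task's range (for example into kernel memory) and a pointer that starts inside user space but whose struct runs past its end. Both come back as -EFAULT to the caller rather than faulting in kernel context.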

Impact

Exploitation of this vulnerability can cause a kernel crash, leading to a denial-of-service condition. Additionally, it could allow a compromised user thread to access kernel memory, potentially escalating privileges.

Reproduction

The vulnerability can be reproduced by calling the sys_select function with a timeout parameter that points to invalid memory. This can be done from a user thread, taking advantage of the lack of proper validation before the timeout pointer is dereferenced.

Added: Jun 9, 2025, 7:18 AM
Updated: Jun 9, 2025, 7:18 AM

Vulnerability Rating

Custom Algorithm

  Category        Score
  spread          0.0
  impact          7.5
  exploitability  4.6
  remediation     0.0
  relevance       0.2
  threat          6.4
  urgency         2.9
  incentive       1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.