RT-Thread Array Index Vulnerability in sys_sigprocmask Function

Vulnerability

A critical vulnerability exists in RT-Thread version 5.1.0 within the sys_sigprocmask system call. The issue arises from inadequate validation of the 'how' parameter, which is used as an array index without proper bounds checking. This flaw can lead to out-of-bounds memory access, potentially causing kernel crashes and unauthorized access to kernel memory, with implications for privilege escalation.

Impact

Exploitation of this vulnerability can cause a kernel crash, leading to a denial-of-service condition. Additionally, in some cases, it could be used to access kernel memory, allowing for privilege escalation.

Reproduction

The vulnerability can be reproduced by having a user thread call sys_sigprocmask with an invalid 'how' value. The value is processed without proper validation, leading to out-of-bounds array access.
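
The missing check described above, shown as an added example in C that is not RT-Thread's own code. The constants, the lookup table and the function names are hypothetical stand-ins for a syscall layer that translates a user-supplied 'how' into an internal mask command.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>

/* Hypothetical user-facing 'how' values and internal commands (assumed, not RT-Thread's). */
enum { U_SIG_BLOCK = 0, U_SIG_UNBLOCK = 1, U_SIG_SETMASK = 2 };
enum mask_cmd { CMD_BLOCK = 10, CMD_UNBLOCK = 11, CMD_SET = 12 };

/* Translation table indexed directly by the caller's 'how'. */
static const enum mask_cmd how_to_cmd[] = {
    [U_SIG_BLOCK]   = CMD_BLOCK,
    [U_SIG_UNBLOCK] = CMD_UNBLOCK,
    [U_SIG_SETMASK] = CMD_SET,
};
#define HOW_COUNT (sizeof(how_to_cmd) / sizeof(how_to_cmd[0]))

static uint64_t thread_mask; /* stand-in for the calling thread's blocked-signal mask */

static int apply_mask(enum mask_cmd cmd, uint64_t set)
{
    switch (cmd) {
    case CMD_BLOCK:   thread_mask |= set;  return 0;
    case CMD_UNBLOCK: thread_mask &= ~set; return 0;
    case CMD_SET:     thread_mask = set;   return 0;
    }
    return -EINVAL; /* value that did not come from the table */
}

/* Vulnerable pattern: 'how' arrives from user space and indexes the table
 * unchecked, so any value outside 0..2 reads memory beyond the array. */
int sigprocmask_unchecked(int how, uint64_t set)
{
    return apply_mask(how_to_cmd[how], set);
}

/* Hardened form: reject negative and too-large values before indexing,
 * and leave the thread's mask untouched on failure. */
int sigprocmask_checked(int how, uint64_t set)
{
    if (how < 0 || (size_t)how >= HOW_COUNT)
        return -EINVAL;
    return apply_mask(how_to_cmd[how], set);
}
```

The bounds test derives its limit from the table itself, so adding or removing an entry cannot leave the check out of step with the array.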

Added: Jun 9, 2025, 7:25 AM
Updated: Jun 9, 2025, 7:25 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 7.5
exploitability: 4.6
remediation: 0.0
relevance: 0.2
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.