RT-Thread Null Pointer Dereference Vulnerability in sys_sendto Function

Vulnerability

A critical null pointer dereference vulnerability has been identified in RT-Thread version 5.1.0. The issue arises in the sys_sendto system call of RT-Thread Smart. The vulnerability is caused by inadequate validation of the 'to' parameter in the 'sockaddr_tolwip' function, which is invoked by 'sys_sendto'. The code checks whether the pointer is NULL but does not ensure that it references valid, user-accessible memory, so any non-NULL value supplied from user space is dereferenced in kernel context. This flaw could be exploited by a compromised user thread, potentially leading to severe security consequences such as kernel crashes and unauthorized access to memory.
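The following is an added illustration of the class of check the description refers to; it is not RT-Thread's code, not the upstream fix, and does not use RT-Thread's real memory map or APIs. It contrasts the weak pattern (reject NULL only) with a hardened pattern in which a system call handler range-checks the user pointer and copies the address into a kernel-side buffer before using it. The user-space window (USER_BASE, a 256-byte simulated user page), the sockaddr stand-in, the AF_INET_SIM constant and all function names are constructed for the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Constructed user-space window for the example (not RT-Thread's real map). */
#define USER_BASE   0x00100000UL
static uint8_t user_mem[256];                       /* simulated user pages */
#define USER_END    (USER_BASE + sizeof(user_mem))
#define AF_INET_SIM 2                               /* constructed AF value */

/* Minimal stand-in for the sockaddr that sys_sendto's 'to' points at. */
struct sockaddr_sim {
    uint16_t family;
    uint16_t port;
    uint32_t addr;
};

/* Kernel-side destination buffer, global so a test harness can inspect it. */
struct sockaddr_sim g_dest;

/* The weak pattern the advisory describes: only NULL is rejected, so a
 * kernel address or a wild pointer supplied by a user thread is accepted
 * and later dereferenced in kernel context. 1 means "go ahead and use it". */
int weak_to_check(const void *to)
{
    return to != NULL;
}

/* Range check for a user-supplied pointer: non-NULL, inside the user
 * window, and the whole [p, p+len) span fits without wrapping around. */
int user_range_ok(uintptr_t p, size_t len)
{
    if (p == 0 || len == 0)
        return 0;
    if (p < USER_BASE || p >= USER_END)
        return 0;
    return len <= USER_END - p;           /* overflow-safe upper-bound test */
}

/* Copy from simulated user memory into a kernel-side buffer.
 * Returns 0 on success, -1 (EFAULT-like) if the range is not user memory. */
int copy_from_user_sim(void *dst, uintptr_t src, size_t len)
{
    if (!user_range_ok(src, len))
        return -1;
    memcpy(dst, user_mem + (src - USER_BASE), len);
    return 0;
}

/* Demonstration helper: place a sockaddr in simulated user memory. */
int put_user_sockaddr(uintptr_t dst, uint16_t family, uint16_t port, uint32_t addr)
{
    struct sockaddr_sim sa = { family, port, addr };
    if (!user_range_ok(dst, sizeof sa))
        return -1;
    memcpy(user_mem + (dst - USER_BASE), &sa, sizeof sa);
    return 0;
}

/* Hardened handling of the (to, tolen) pair: the handler never reads through
 * the user pointer directly. It checks the length, copies the bytes into
 * 'out' after a range check, and only then validates the contents.
 * Returns 0 ok, -1 bad user pointer (EFAULT-like), -2 bad length
 * (EINVAL-like), -3 unsupported address family. */
int sendto_resolve_dest(uintptr_t to, size_t tolen, struct sockaddr_sim *out)
{
    if (tolen < sizeof *out)
        return -2;
    if (copy_from_user_sim(out, to, sizeof *out) != 0)
        return -1;
    if (out->family != AF_INET_SIM)
        return -3;
    return 0;
}

int main(void)
{
    uintptr_t good = USER_BASE + 16;      /* a valid user address */
    uintptr_t kern = 0xC0000000UL;        /* not user memory */
    int rc;

    put_user_sockaddr(good, AF_INET_SIM, 80, 0x7f000001u);
    printf("weak check, kernel pointer : %d (accepted)\n", weak_to_check((const void *)kern));
    printf("hardened, kernel pointer   : %d\n", sendto_resolve_dest(kern, sizeof g_dest, &g_dest));
    printf("hardened, straddles window : %d\n", sendto_resolve_dest(USER_END - 4, sizeof g_dest, &g_dest));
    rc = sendto_resolve_dest(good, sizeof g_dest, &g_dest);
    printf("hardened, valid pointer    : %d (port %u)\n", rc, (unsigned)g_dest.port);
    return 0;
}
```

The important property is that the kernel touches the address only through a copy that was range-checked first, so a pointer into kernel space, a wild pointer, or one that runs past the end of the user window is rejected with an error instead of being dereferenced. Real kernels also need the backing pages to actually be mapped, which this simulation does not model.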

Impact

Exploitation of this vulnerability can cause a kernel crash due to invalid memory access, creating a denial-of-service condition. Additionally, in some cases, it could be used to access kernel memory, leading to privilege escalation.

Added: Jun 9, 2025, 8:18 AM
Updated: Jun 9, 2025, 8:18 AM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 7.5
exploitability: 6.6
remediation: 0.0
relevance: 0.2
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.