RT-Thread Memory Corruption Vulnerability in sys_recvfrom Function

Vulnerability

A critical vulnerability allowing memory corruption has been identified in RT-Thread version 5.1.0. The issue arises in the sys_recvfrom function within the file rt-thread/components/lwp/lwp_syscall.c. The vulnerability is caused by inadequate validation of the 'from' parameter pointer, which can be manipulated to write to arbitrary locations in kernel memory. This flaw could lead to privilege escalation and compromise the system.

Impact

Exploitation of this vulnerability allows for unauthorized writing to kernel memory, which could result in a system crash or data corruption.

Added: Jun 9, 2025, 9:19 AM

Updated: Jun 9, 2025, 9:19 AM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

6.6

remediation

0.0

relevance

0.2

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

6.6

remediation

0.0

relevance

0.2

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

RT-Thread Memory Corruption Vulnerability in sys_recvfrom Function

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating