Eclipse ThreadX Wild Pointer Vulnerability in OSEK Compatibility Layer CreateCounter Function

Vulnerability

A wild pointer vulnerability has been identified in Eclipse ThreadX versions 6.1.7 through 6.4.3. The issue is in the CreateCounter() function of the OSEK compatibility layer, in the logic that checks the return value of osek_get_counter(). The function misinterprets the failure indication, so a wild pointer is created when the counter pool is exhausted. This wild pointer can be exploited to write to illegal memory addresses, potentially causing immediate HardFaults or silent memory corruption. The vulnerability also opens the door to denial-of-service attacks by exhausting the counter pool.
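The bug class described above, shown as an added example that is not ThreadX source code: a pool allocator signals exhaustion with one value while the caller tests for another, beside a hardened check. Every name and constant here (get_counter, ALLOC_FAIL, ERR_STATUS, the pool layout) is an assumption chosen for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified model, NOT ThreadX source. All names and values are assumptions. */
#define POOL_SIZE  2u
#define ALLOC_FAIL ((uintptr_t)0)   /* assumed: what the allocator returns when full */
#define ERR_STATUS ((uintptr_t)12)  /* assumed: status code the flawed check tests for */

typedef struct { uint32_t in_use; uint32_t max_value; } counter_t;
static counter_t pool[POOL_SIZE];

/* Hands out a pool slot as an integer handle, or ALLOC_FAIL on exhaustion. */
static uintptr_t get_counter(void) {
    for (size_t i = 0; i < POOL_SIZE; i++)
        if (!pool[i].in_use) { pool[i].in_use = 1; return (uintptr_t)&pool[i]; }
    return ALLOC_FAIL;
}

/* Flawed pattern: tests for a value the allocator never returns on failure,
 * so ALLOC_FAIL is accepted and would then be cast and written through. */
static int flawed_check_accepts(uintptr_t h) { return h != ERR_STATUS; }

/* True only when the handle is the address of a real pool slot. */
static int handle_is_valid(uintptr_t h) {
    for (size_t i = 0; i < POOL_SIZE; i++)
        if (h == (uintptr_t)&pool[i]) return 1;
    return 0;
}

/* Hardened pattern: validate the handle before any cast or write. */
static int create_counter_checked(uint32_t max_value, counter_t **out) {
    uintptr_t h = get_counter();
    *out = NULL;
    if (h == ALLOC_FAIL || !handle_is_valid(h)) return -1;
    *out = (counter_t *)h;
    (*out)->max_value = max_value;
    return 0;
}

int main(void) {
    counter_t *c;
    for (unsigned n = 1; n <= POOL_SIZE + 1; n++)
        printf("create #%u -> %d\n", n, create_counter_checked(100u * n, &c));
    printf("flawed check accepts exhaustion value: %d\n",
           flawed_check_accepts(ALLOC_FAIL));
    return 0;
}
```

The model never dereferences the bad handle; it only shows that the flawed comparison lets the exhaustion value through, while the hardened path rejects it before any write.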

Impact

Exploitation of this vulnerability leads to wild pointer creation, allowing writes to illegal memory addresses. This can cause immediate HardFaults or silent memory corruption. Additionally, the vulnerability could be used to conduct denial-of-service attacks by depleting the counter pool.

Remediation

Users can upgrade to Eclipse ThreadX version 6.4.5 to address this vulnerability.

Added: Jan 27, 2026, 4:28 PM
Updated: Jan 27, 2026, 4:28 PM

Vulnerability Rating

Custom Algorithm

spread: 6.6
impact: 7.5
exploitability: 3.3
remediation: 7.7
relevance: 2.4
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.