Arduino_Core_STM32 Stack-Based Use-After-Return Vulnerability
Vulnerability
A stack-use-after-return vulnerability has been identified in the Arduino_Core_STM32 library, affecting versions prior to 1.7.0. The issue arises in the pwm_start() function, where a TIM_HandleTypeDef structure is allocated on the stack and its address is passed to HAL initialization routines. This address is then stored in a global timer handle registry. After the function returns, interrupt service routines may dereference this dangling pointer, leading to memory corruption.
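The lifetime problem described above, modelled on a host as an added example; this is not code from Arduino_Core_STM32 or the HAL. `timer_handle_t`, `g_registry`, `timer_register` and the other names are hypothetical stand-ins, and the registration guard shown is one possible defensive check, not the fix shipped in 1.7.0.

```c
#include <stddef.h>
#include <stdint.h>
/* Hypothetical stand-ins for the timer handle and the global registry;
   these are not the real HAL or core definitions. */
typedef struct { uint32_t channel; uint32_t period; } timer_handle_t;

#define TIMER_SLOTS 4
static timer_handle_t *g_registry[TIMER_SLOTS]; /* read later by the ISR */
static timer_handle_t  g_pool[TIMER_SLOTS];     /* static storage, never freed */

/* True only if h points at an element of the static pool. */
static int handle_is_static(const timer_handle_t *h) {
    uintptr_t p = (uintptr_t)h, lo = (uintptr_t)&g_pool[0];
    uintptr_t hi = (uintptr_t)&g_pool[TIMER_SLOTS];
    return p >= lo && p < hi && (p - lo) % sizeof(timer_handle_t) == 0;
}

/* Registration guard: refuse any handle whose lifetime ends with the caller. */
int timer_register(unsigned slot, timer_handle_t *h) {
    if (slot >= TIMER_SLOTS || !handle_is_static(h)) return -1;
    g_registry[slot] = h;
    return 0;
}

/* Shape of the bug: the handle lives in this frame, so a stored pointer
   would dangle as soon as the function returns. The guard rejects it. */
int pwm_start_stack_handle(unsigned slot, uint32_t period) {
    timer_handle_t h = { slot, period };
    return timer_register(slot, &h);
}

/* Hardened shape: the handle lives in static storage and outlives the call. */
int pwm_start_static_handle(unsigned slot, uint32_t period) {
    if (slot >= TIMER_SLOTS) return -1;
    g_pool[slot] = (timer_handle_t){ slot, period };
    return timer_register(slot, &g_pool[slot]);
}

/* Stand-in for the interrupt handler: dereferences the registered pointer. */
uint32_t timer_isr_period(unsigned slot) {
    if (slot >= TIMER_SLOTS || g_registry[slot] == NULL) return 0;
    return g_registry[slot]->period;
}

int main(void) {
    pwm_start_stack_handle(0, 1000);   /* rejected, slot 0 stays empty */
    pwm_start_static_handle(1, 2000);  /* accepted, handle outlives the call */
    return timer_isr_period(0) == 0 && timer_isr_period(1) == 2000 ? 0 : 1;
}
```

On a real target the same idea can be applied as a debug-build assertion at the point where a handle is stored in the registry.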
Impact
Exploitation of this vulnerability can cause memory corruption. Possible consequences include a denial-of-service condition, such as a crash or HardFault, and potentially code execution under certain memory and control conditions.
Remediation
Users can upgrade to Arduino_Core_STM32 version 1.7.0 or later, where this vulnerability has been fixed. The updated version is available through the Arduino library manager or can be downloaded from the Arduino_Core_STM32 GitHub releases page.
