PX4 Autopilot
cpe:2.3:a:dronecode:px4_drone_autopilot:*:*:*:*:*:*:*
- ~1.12
- ~1.14
- ~1.15
A logic flaw has been identified in the mode switching mechanism of PX4 Autopilot, specifically in versions 1.12.x through 1.15.x. This vulnerability allows drones to bypass throttle safety checks when transitioning from Auto mode to Manual mode while the drone is in the 'ARMED' state. As a result, if the physical throttle stick is not fully lowered, the drone can execute an uncommanded ascent, leading to potential crashes, property damage, or personal injury.
Exploitation of this vulnerability causes the drone to lose control and ascend rapidly and uncontrollably, creating a flyaway situation that can result in crashes and property damage.
The vulnerability can be reproduced in a Software In The Loop (SITL) simulation environment using QGroundControl. After landing a drone that is set to disarm automatically later, the throttle stick can be raised while the drone is still armed. When the flight mode is then switched to Manual, the drone ignores the usual safety checks and ascends rapidly, demonstrating the flaw.
Until a patch is applied, drone operators should manually disarm the vehicle immediately after landing and ensure the throttle stick is fully lowered before switching flight modes.
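The missing check can be shown with a simplified model of the mode switch, with the unchecked transition beside a guarded one. This is an added example, not PX4 source code: every type and function name, the 0.05 stick threshold, and the choice to apply the guard only to a landed vehicle are assumptions made for illustration.

```cpp
// Simplified model of an armed mode switch. All names and the threshold are
// hypothetical; this is not PX4 source code.
#include <cstdio>

enum class Mode { Auto, Manual };
enum class SwitchResult { Accepted, RejectedThrottleHigh };

struct Vehicle {
    bool armed;
    bool landed;
    Mode mode;
    float throttle_stick;  // 0.0 = fully lowered, 1.0 = full throttle
};

constexpr float kThrottleLowMax = 0.05f;  // assumed "stick is lowered" limit

// Flawed pattern: the switch is accepted without looking at the stick.
SwitchResult switch_mode_unchecked(Vehicle &v, Mode target) {
    v.mode = target;
    return SwitchResult::Accepted;
}

// Guarded pattern: an armed, landed vehicle may leave Auto for Manual only
// when the throttle stick is lowered.
SwitchResult switch_mode_guarded(Vehicle &v, Mode target) {
    const bool auto_to_manual = v.mode == Mode::Auto && target == Mode::Manual;
    if (auto_to_manual && v.armed && v.landed && v.throttle_stick > kThrottleLowMax) {
        return SwitchResult::RejectedThrottleHigh;  // stay in Auto
    }
    v.mode = target;
    return SwitchResult::Accepted;
}

// In this model Manual passes the stick straight through to thrust, while
// Auto on the ground commands none.
float commanded_thrust(const Vehicle &v) {
    if (!v.armed) return 0.0f;
    return v.mode == Mode::Manual ? v.throttle_stick : 0.0f;
}

int main() {
    Vehicle a{true, true, Mode::Auto, 0.8f};  // constructed scenario
    Vehicle b = a;
    switch_mode_unchecked(a, Mode::Manual);
    switch_mode_guarded(b, Mode::Manual);
    std::printf("unchecked thrust=%.1f guarded thrust=%.1f\n",
                commanded_thrust(a), commanded_thrust(b));
    return 0;
}
```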