CVE

CVE-2024-2212

Date: (C)2024-03-27   (M)2024-03-27

In Eclipse ThreadX before 6.4.0, xQueueCreate() and xQueueCreateSet() functions from the FreeRTOS compatibility API (utility/rtos_compatibility_layers/FreeRTOS/tx_freertos.c) were missing parameter checks. This could lead to integer wraparound, under-allocations and heap buffer overflows.

Reference:

https://github.com/eclipse-threadx/threadx/security/advisories/GHSA-v9jj-7qjg-h6g6