CVE-2022-39343

Azure RTOS FileX vulnerable to Buffer Overflow

  • Severity Score: 7.8 (CVSS v3.1)
  • Exploit Likelihood (EPSS):
  • Affected Versions (CPE):
  • Public Exploits: 1 (Multiple Sources)
  • Exploited in Wild (KEV): -
  • Decision (SSVC): -

Descriptions

Azure RTOS FileX is a FAT-compatible file system that’s fully integrated with Azure RTOS ThreadX. In versions before 6.2.0, the Fault Tolerant feature of Azure RTOS FileX includes integer underflows and overflows which may be exploited to achieve a buffer overflow and modify memory contents. When the `_fx_fault_tolerant_enable` function detects a valid log file with a correct ID and checksum, it attempts to recover the previously failed write operation by calling `_fx_fault_tolerant_apply_logs`. This function iterates through the log entries and performs the required recovery operations. A properly crafted log that includes entries of type `FX_FAULT_TOLERANT_DIR_LOG_TYPE` may be used to introduce unexpected behavior. This issue has been patched in version 6.2.0. A workaround to fix line 218 in fx_fault_tolerant_apply_logs.c is documented in the GHSA.

*Credits: N/A
CVSS Scores
  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope: Unchanged
  • Confidentiality: High
  • Integrity: High
  • Availability: High

  • Attack Vector: Network
  • Attack Complexity: High
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality: Low
  • Integrity: Low
  • Availability: Low

  • Attack Vector: Local
  • Attack Complexity: Low
  • Authentication: None
  • Confidentiality: Complete
  • Integrity: Complete
  • Availability: Complete

* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2022-09-02 CVE Reserved
  • 2022-11-08 CVE Published
  • 2024-08-03 CVE Updated
  • 2024-08-03 First Exploit
  • 2024-12-17 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
  • CWE-190: Integer Overflow or Wraparound
  • CWE-191: Integer Underflow (Wrap or Wraparound)
CAPEC
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status
Microsoft | Azure Rtos Filex | < 6.2.0 | - | Affected