CVE-2022-39343

{"id": "CVE-2022-39343", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}, {"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.6, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 3.4, "exploitabilityScore": 2.2}]}, "published": "2022-11-08T08:15:09.537", "references": [{"url": "https://github.com/azure-rtos/filex/blob/master/common/src/fx_fault_tolerant_apply_logs.c#L218", "tags": ["Patch", "Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/azure-rtos/filex/security/advisories/GHSA-8jqf-wjhq-4w9f", "tags": ["Exploit", "Mitigation", "Third Party Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-190"}, {"lang": "en", "value": "CWE-191"}]}, {"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-120"}]}], "descriptions": [{"lang": "en", "value": "Azure RTOS FileX is a FAT-compatible file system that\u2019s fully integrated with Azure RTOS ThreadX. In versions before 6.2.0, the Fault Tolerant feature of Azure RTOS FileX includes integer under and overflows which may be exploited to achieve buffer overflow and modify memory contents. When a valid log file with correct ID and checksum is detected by the `_fx_fault_tolerant_enable` function an attempt to recover the previous failed write operation is taken by call of `_fx_fault_tolerant_apply_logs`. This function iterates through the log entries and performs required recovery operations. When properly crafted a log including entries of type `FX_FAULT_TOLERANT_DIR_LOG_TYPE` may be utilized to introduce unexpected behavior. This issue has been patched in version 6.2.0. A workaround to fix line 218 in fx_fault_tolerant_apply_logs.c is documented in the GHSA."}, {"lang": "es", "value": "Azure RTOS FileX es un sistema de archivos compatible con FAT que est\u00e1 completamente integrado con Azure RTOS ThreadX. En versiones anteriores a la 6.2.0, la caracter\u00edstica Tolerante a fallos de Azure RTOS FileX incluye desbordamientos y subestimaciones de enteros que pueden aprovecharse para lograr un desbordamiento del b\u00fafer y modificar el contenido de la memoria. Cuando la funci\u00f3n `_fx_fault_tolerant_enable` detecta un archivo de registro v\u00e1lido con ID y suma de verificaci\u00f3n correctos, se intenta recuperar la operaci\u00f3n de escritura fallida anterior mediante la llamada de `_fx_fault_tolerant_apply_logs`. Esta funci\u00f3n recorre en iteraci\u00f3n las entradas del registro y realiza las operaciones de recuperaci\u00f3n necesarias. Cuando se elabora correctamente, se puede utilizar un registro que incluya entradas del tipo `FX_FAULT_TOLERANT_DIR_LOG_TYPE` para introducir comportamientos inesperados. Este problema se solucion\u00f3 en la versi\u00f3n 6.2.0. En GHSA se documenta un workaround alternativo para corregir la l\u00ednea 218 en fx_fault_tolerant_apply_logs.c."}], "lastModified": "2023-11-07T03:50:27.067", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:azure_rtos_filex:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DDA74F57-5852-4584-82B6-FF1D07B311C9", "versionEndExcluding": "6.2.0"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}