CVE-2025-5865

Sažetak

A vulnerability was found in RT-Thread 5.1.0. It has been rated as critical. Affected by this issue is the function sys_select of the file rt-thread/components/lwp/lwp_syscall.c of the component Parameter Handler. The manipulation of the argument timeout leads to memory corruption. The vendor explains, that "[t]he timeout parameter should be checked to check if it can be accessed correctly in kernel mode and used temporarily in kernel memory."

Reference

https://github.com/RT-Thread/rt-thread/issues/10298
https://github.com/RT-Thread/rt-thread/issues/10298#issuecomment-2894952150
https://vuldb.com/?ctiid.311624
https://vuldb.com/?id.311624
https://vuldb.com/?submit.584124
https://github.com/RT-Thread/rt-thread/issues/10298

CVSS

Base:	7.7
Impact:	10.0
Exploitability:	5.1

Pristup

Vektor	Složenost	Autentikacija
ADJACENT_NETWORK	LOW	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:A/AC:L/Au:S/C:C/I:C/A:C

Zadnje važnije ažuriranje

09-06-2025 - 14:15

Objavljeno

09-06-2025 - 07:15