CVE-2024-38952

7.5 HIGH

📋 TL;DR

A buffer overflow vulnerability in PX4-Autopilot v1.14.3 allows attackers to execute arbitrary code or crash the system by exploiting the topic_name parameter in logged_topics.cpp. This affects drone and autonomous vehicle systems using this specific version of the PX4 flight stack. The vulnerability could lead to complete system compromise or denial of service.

💻 Affected Systems

Products:
  • PX4-Autopilot
Versions: v1.14.3 specifically
Operating Systems: Linux-based drone/vehicle systems
Default Config Vulnerable: ⚠️ Yes
Notes: Affects systems using the logger module with logged topics functionality enabled

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution leading to complete system takeover, potential drone/vehicle hijacking, or permanent system damage

🟠 Likely Case: System crash or denial of service causing drone/vehicle to become unresponsive or crash

🟢 If Mitigated: Limited impact with proper input validation and memory protections in place

🌐 Internet-Facing: MEDIUM - Requires specific conditions but could be exploited if drone/vehicle systems are exposed to untrusted networks
🏢 Internal Only: LOW - Typically requires local access or compromised internal systems

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires specific knowledge of the logger module and ability to manipulate topic_name parameter

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v1.14.4 or later

Vendor Advisory: https://github.com/PX4/PX4-Autopilot/issues/23258

Restart Required: Yes

Instructions:

1. Update PX4-Autopilot to v1.14.4 or later
2. Rebuild the flight stack
3. Deploy updated firmware to affected drones/vehicles
4. Restart all affected systems

🔧 Temporary Workarounds

Disable logger module

Platform: all

Temporarily disable the vulnerable logger module to prevent exploitation

Set parameter SDLOG_MODE=0 in PX4 configuration

Input validation

Platform: linux

Add custom input validation for topic_name parameter

Implement bounds checking in logged_topics.cpp before line 440
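
One way to express the bounds check described in this workaround, as an added example (it is not PX4's code and not the upstream patch). The function copy_topic_name, the capacity kTopicNameCap, and the lowercase snake_case character policy are assumptions; substitute the real destination buffer size from your source tree.

```cpp
#include <cstddef>
#include <cstring>

// Hypothetical capacity; use the actual size of the destination buffer.
constexpr std::size_t kTopicNameCap = 32;

enum class TopicNameStatus { Ok, Null, Empty, TooLong, BadChar };

// Assumed policy: topic names are lowercase snake_case (a-z, 0-9, '_').
static bool allowed_char(char c)
{
    return (c >= 'a' && c <= 'z') || (c >= '0' && c <= '9') || c == '_';
}

// Validate src, then copy it into dst only if it fits with its terminator.
// src_max bounds the scan so an unterminated input is never read past its end.
// On any failure dst is left as an empty string.
TopicNameStatus copy_topic_name(char *dst, std::size_t dst_size,
                                const char *src, std::size_t src_max)
{
    if (dst == nullptr || dst_size == 0) { return TopicNameStatus::Null; }
    dst[0] = '\0';
    if (src == nullptr) { return TopicNameStatus::Null; }

    // Bounded length: look for the terminator within src_max bytes only.
    const void *end = std::memchr(src, '\0', src_max);
    if (end == nullptr) { return TopicNameStatus::TooLong; }
    const std::size_t len =
        static_cast<std::size_t>(static_cast<const char *>(end) - src);

    if (len == 0) { return TopicNameStatus::Empty; }
    if (len >= dst_size) { return TopicNameStatus::TooLong; }  // no room for '\0'

    for (std::size_t i = 0; i < len; ++i) {
        if (!allowed_char(src[i])) { return TopicNameStatus::BadChar; }
    }

    std::memcpy(dst, src, len + 1);  // len + 1 <= dst_size, checked above
    return TopicNameStatus::Ok;
}
```

Rejecting an overlong name, rather than silently truncating it, keeps a malformed request from being logged under a different topic than the one supplied.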

🧯 If You Can't Patch

  • Isolate affected systems from untrusted networks
  • Implement strict input validation and monitoring for abnormal topic_name values

🔍 How to Verify

Check if Vulnerable:

Check PX4 version with 'px4-version' command or inspect firmware version in system logs

Check Version:

px4-version | grep -i version

Verify Fix Applied:

Verify version is v1.14.4 or later and test logger functionality with malformed topic_name inputs

📡 Detection & Monitoring

Log Indicators:

  • Segmentation faults in logger module
  • Abnormally long topic_name strings in logs
  • Repeated logger crashes

Network Indicators:

  • Unusual network traffic to logger port
  • Malformed Mavlink messages targeting topic_name

SIEM Query:

source="px4_logs" AND ("segmentation fault" OR "buffer overflow" OR "logger crash")
