CVE-2025-55098
📋 TL;DR
This vulnerability allows an attacker to trigger an out-of-bounds read in USBX's audio device parsing function when a malicious USB audio device is connected. It affects systems using Eclipse ThreadX with USBX versions before 6.4.3 that have USB audio functionality enabled. The issue could lead to information disclosure or system instability.
💻 Affected Systems
- Eclipse ThreadX USBX module
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Information disclosure of adjacent memory contents, potentially exposing sensitive data or causing system crashes leading to denial of service.
Likely Case
System instability or crashes when connecting specially crafted USB audio devices, resulting in denial of service.
If Mitigated
Minimal impact with proper USB device whitelisting and input validation in place.
🎯 Exploit Status
Exploitation requires physical USB device connection or compromised USB infrastructure. No public exploits known.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: USBX 6.4.3 and later
Vendor Advisory: https://github.com/eclipse-threadx/usbx/security/advisories/GHSA-4jc2-x5hv-46fq
Restart Required: No
Instructions:
1. Update USBX to version 6.4.3 or later.
2. Rebuild and redeploy your ThreadX application with the updated USBX library.
3. No system restart is required for the USBX update alone.
🔧 Temporary Workarounds
Disable USB audio support
Disable USB audio device class support in the USBX configuration so that the vulnerable descriptors are never parsed.
# In ux_user.h, set UX_HOST_CLASS_AUDIO_ENABLE to 0
# Rebuild and redeploy ThreadX application
USB device whitelisting
Implement USB device filtering so that only trusted USB audio devices are accepted.
# Implement USB device validation in application code
# Use USB device serial number or vendor/product ID filtering
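As an added example (not part of this advisory or of the USBX code base), the C code below shows one way to implement the vendor/product ID filter suggested above. The allowlist entries and the descriptor bytes are constructed sample values; the parsing step refuses any device descriptor whose declared length disagrees with the buffer actually received, which is the kind of length check that stops out-of-bounds reads during descriptor parsing.

```c
#include <stddef.h>
#include <stdint.h>

/* Fixed layout of a standard USB device descriptor (USB 2.0 spec, 9.6.1). */
#define USB_DT_DEVICE        0x01
#define USB_DEVICE_DESC_LEN  18

typedef struct { uint16_t vid; uint16_t pid; } usb_id_t;

/* Hypothetical application allowlist; the IDs are constructed, not real products. */
static const usb_id_t allowed_audio_devices[] = {
    { 0x1234, 0x5678 },
};

static uint16_t le16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }

/* Extract idVendor/idProduct from a raw device descriptor.  Every field we read
 * is checked against both the received length and the descriptor's own bLength,
 * so a device that advertises more bytes than it sent cannot cause an over-read. */
int usb_device_ids_from_descriptor(const uint8_t *buf, size_t len, usb_id_t *out)
{
    if (buf == NULL || out == NULL) return -1;
    if (len < USB_DEVICE_DESC_LEN) return -1;      /* not enough bytes received */
    if (buf[0] < USB_DEVICE_DESC_LEN) return -1;   /* bLength too small for a device descriptor */
    if (buf[0] > len) return -1;                   /* bLength claims bytes we never got */
    if (buf[1] != USB_DT_DEVICE) return -1;        /* bDescriptorType is not DEVICE */
    out->vid = le16(buf + 8);                      /* idVendor, little-endian */
    out->pid = le16(buf + 10);                     /* idProduct, little-endian */
    return 0;
}

/* Returns 1 only for a well-formed descriptor whose VID/PID is on the allowlist;
 * malformed descriptors are rejected rather than parsed further. */
int usb_device_allowed(const uint8_t *buf, size_t len)
{
    usb_id_t id;
    size_t n = sizeof allowed_audio_devices / sizeof allowed_audio_devices[0];
    if (usb_device_ids_from_descriptor(buf, len, &id) != 0) return 0;
    for (size_t i = 0; i < n; i++)
        if (allowed_audio_devices[i].vid == id.vid && allowed_audio_devices[i].pid == id.pid)
            return 1;
    return 0;
}

/* Constructed sample descriptors: a trusted device, one with an unknown product ID,
 * and one that was truncated on the wire. */
static const uint8_t good_desc[18] = { 18, 0x01, 0x00, 0x02, 0, 0, 0, 64,
    0x34, 0x12, 0x78, 0x56, 0x00, 0x01, 1, 2, 3, 1 };
static const uint8_t unknown_desc[18] = { 18, 0x01, 0x00, 0x02, 0, 0, 0, 64,
    0x34, 0x12, 0x99, 0x99, 0x00, 0x01, 1, 2, 3, 1 };
static const uint8_t truncated_desc[8] = { 18, 0x01, 0x00, 0x02, 0, 0, 0, 64 };
```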
🧯 If You Can't Patch
- Implement strict USB device access controls and physical security measures
- Monitor for unexpected system crashes or USB device connection attempts
🔍 How to Verify
Check if Vulnerable:
Check the USBX version in your ThreadX build configuration or source code; any version below 6.4.3 is vulnerable.
Check Version:
grep -r "UX_VERSION" ux_api.h | grep -E "[0-9]+\.[0-9]+\.[0-9]+"
Verify Fix Applied:
Confirm that the USBX version in the build configuration is 6.4.3 or later, then test with USB audio device connections.
📡 Detection & Monitoring
Log Indicators:
- System crashes or reboots after USB device connections
- USB enumeration errors in system logs
- Memory access violation logs
Network Indicators:
- Not applicable: local USB exploitation only
SIEM Query:
source="system_logs" AND ("USB" AND ("crash" OR "fault" OR "access violation"))