May 29, 2024 at 11:00AM
Humanativa Group identified security vulnerabilities in Eclipse ThreadX, previously known as Azure RTOS. Marco Ivaldi found the issues, which include memory corruption and denial-of-service risk, through research on the publicly available source code. The flaws were reported to Microsoft and the Eclipse Foundation and addressed in Eclipse ThreadX version 6.4.0, with additional bugs to be managed in future releases.
Humanativa Group has discovered and reported several vulnerabilities in Eclipse ThreadX, an open-source real-time operating system for IoT devices. The vulnerabilities identified by Marco Ivaldi could lead to memory corruption, denial-of-service conditions, and execution of arbitrary code. They were reported to Microsoft and the Eclipse Foundation and were subsequently addressed in Eclipse ThreadX version 6.4.0. Humanativa Group also reported further bugs with security implications that the ThreadX maintainers did not consider vulnerabilities but that were to be addressed in future OS releases.