CVE-2024-25391
Published: 27 March 2024
Summary
CVE-2024-25391 is a high-severity Stack-based Buffer Overflow (CWE-121) vulnerability in RT-Thread. Its CVSS base score is 8.4 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks in the 18.2nd percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-22724
Vulnerability details
A stack buffer overflow occurs in libc/posix/ipc/mqueue.c in RT-Thread through 5.0.2.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Stack buffer overflow in RT-Thread POSIX IPC mqueue enables memory corruption for arbitrary code execution (facilitating privilege escalation, T1068) and denial of service via application exploitation (T1499.004).
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.