CVE-2024-40427
Published: 07 January 2025
Summary
CVE-2024-40427 is a high-severity Classic Buffer Overflow (CWE-120) vulnerability in Dronecode Px4 Drone Autopilot. Its CVSS base score is 7.9 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks at the 45.6th percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Deeper analysis
CVE-2024-40427 is a stack buffer overflow vulnerability (CWE-120) in PX4-Autopilot version 1.14.3. Published on 2025-01-07, it carries a CVSS v3.1 base score of 7.9 (AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:H), indicating high severity due to its potential for significant integrity and availability impacts without confidentiality loss.
The vulnerability can be exploited by local attackers with low privileges who trick a user into some interaction. Successful exploitation enables command execution, allowing attackers to manipulate program behavior and cause the software to refuse execution, resulting in high integrity and availability disruptions within a changed scope.
Mitigation is addressed in a patch via GitHub commit e03e0261a1a0c82f545e66a1e3795956c886db71 in the PX4-Autopilot repository. Further details on the issue and remediation are available in the associated security advisory at GHSA-55wq-2hgm-75m4.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-38810
Vulnerability details
Stack Buffer Overflow in PX4-Autopilot v1.14.3, which allows attackers to execute commands to exploit this vulnerability and cause the program to refuse to execute
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Local stack buffer overflow enables arbitrary code execution with integrity/availability impact and changed scope, directly mapping to exploitation for privilege escalation.
Mitigating Controls (NIST 800-53 r5)
Directly mitigates the stack buffer overflow by requiring timely remediation through patching, as evidenced by the specific GitHub commit fixing CVE-2024-40427 in PX4-Autopilot.
Prevents stack buffer overflows like CWE-120 in PX4-Autopilot by enforcing validation of inputs to ensure they do not exceed buffer boundaries.
Addresses exploitation of the stack buffer overflow in PX4-Autopilot by implementing memory protections such as stack canaries and address space layout randomization.