CVE-2025-1115: RT-Thread lwp_syscall.c sys_thread_create information disclosure

3.3 CVSS

Description

A vulnerability classified as problematic was found in RT-Thread up to 5.1.0. Affected by this vulnerability is the function sys_thread_create of the file rt-thread/components/lwp/lwp_syscall.c. The manipulation of the argument arg[0] leads to information disclosure. An attack has to be approached locally. In RT-Thread bis 5.1.0 wurde eine problematische Schwachstelle entdeckt. Das betrifft die Funktion sys_thread_create der Datei rt-thread/components/lwp/lwp_syscall.c. Dank Manipulation des Arguments arg[0] mit unbekannten Daten kann eine information disclosure-Schwachstelle ausgenutzt werden. Der Angriff muss lokal angegangen werden.

Classification

CVE ID: CVE-2025-1115

CVSS Base Severity: LOW

CVSS Base Score: 3.3

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Affected Products

Vendor: n/a

Product: RT-Thread

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.05% (probability of being exploited)

EPSS Percentile: 18.35% (scored less or equal to compared to others)

EPSS Date: 2025-03-09 (when was this score calculated)

References

https://vuldb.com/?id.295021
https://vuldb.com/?ctiid.295021
https://vuldb.com/?submit.489903
https://github.com/RT-Thread/rt-thread/issues/9877

Timeline

2025-02-09 00:30:17 UTC
CVE

RT-Thread lwp_syscall.c sys_thread_create information disclosure