eclipse-threadx/threadx

Question regarding vulnerability CVE-2023-48693

Opened this issue · 1 comment

Hello,
We are running ThreadX version 6.2.1 on products where a version bump is not possible (will bump for future products).

Would it be possible to know which commit/PR is responsible for fixing the remote code execution vulnerability, in order to be able to assess if we can patch it on earlier products on our end?

Thank you for your support and have a great day,
Bastien

I guess it is about #307 (which, BTW, affects just ThreadX modules; in non-module use there is no privilege mechanism anyway)