CVE-2021-42301: Azure RTOS Information Disclosure Vulnerability

Overview

Severity
Low (CVSS 3.3)
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
Category
Information Disclosure
Exploit Status
Not Exploited
Exploitation Likelihood
Less Likely
Patch Tuesday
2021-Nov
Released
2021-11-09
EPSS Score
0.60% (percentile: 69.4%)

FAQ

What is Azure RTOS?
Azure RTOS is an embedded development suite including a small but powerful operating system that provides reliable, ultra-fast performance for resource-constrained devices. See Azure RTOS Overview for more information.

What version of Azure RTOS has the update that protects against this vulnerability?
Version 6.1.9.

According to the CVSS, User Interaction is Required. What interaction would the user have to do?
Exploitation of this vulnerability requires that a user plug in a malicious USB device.

What is the action required to take the update?
You need to recompile your project with the updated USBX source code. In addition, if your USB device code handles vendor requests (a callback registered with ux_device_stack_microsoft_extension_register), you need to update that callback to perform a memory boundary check. If you do not use vendor requests (i.e. you do not register the callback function), you do not need to change your code.
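The following is an added illustration of the memory boundary check the FAQ asks vendor-request callbacks to perform; it is not code from this advisory or from USBX. The callback shape is modelled on the vendor_request parameter of ux_device_stack_microsoft_extension_register as an assumption, and the type names, the 64-byte control-buffer capacity, the 24-byte vendor descriptor and the simulated stack are all constructed for the example. The unchecked handler shows one way a callback can hand the stack more bytes than it actually produced; the page does not describe the root cause of CVE-2021-42301, so treat it as an illustration of the failure class rather than as the fixed bug.

```c
#include <stdio.h>
#include <string.h>

/* USBX-style type names and return code, redefined here (assumed) so the
 * example builds without the USBX headers. */
typedef unsigned long ULONG;
typedef unsigned int  UINT;
typedef unsigned char UCHAR;
#define UX_SUCCESS 0u

/* Assumed capacity of the control-transfer buffer the stack hands the
 * callback; the real limit is a USBX configuration constant. */
#define CONTROL_BUFFER_SIZE 64u

/* Constructed 24-byte payload standing in for a vendor-defined descriptor. */
static const UCHAR k_vendor_descriptor[24] = {
    0x18, 0x00, 0x00, 0x00, 0x00, 0x01, 0x04, 0x00,
    'W',  'I',  'N',  'U',  'S',  'B',  0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
};

/* Callback shape modelled on the vendor_request callback that
 * ux_device_stack_microsoft_extension_register takes (assumption). */
typedef UINT (*vendor_request_fn)(ULONG request, ULONG request_value,
                                  ULONG request_index, ULONG request_length,
                                  UCHAR *buffer, ULONG *transfer_length);

/* Unchecked pattern: copies the payload, then reports the host-supplied
 * wLength as the transfer length. Everything between the end of the payload
 * and that length is whatever was already in, or after, the buffer. */
UINT vendor_request_unchecked(ULONG request, ULONG request_value,
                              ULONG request_index, ULONG request_length,
                              UCHAR *buffer, ULONG *transfer_length)
{
    (void)request; (void)request_value; (void)request_index;
    memcpy(buffer, k_vendor_descriptor, sizeof k_vendor_descriptor);
    *transfer_length = request_length;   /* trusts the host's wLength */
    return UX_SUCCESS;
}

/* Checked pattern: the reported length is the smallest of the payload size,
 * the host's wLength and the buffer capacity, so only payload bytes are
 * ever handed to the stack for transmission. */
UINT vendor_request_checked(ULONG request, ULONG request_value,
                            ULONG request_index, ULONG request_length,
                            UCHAR *buffer, ULONG *transfer_length)
{
    ULONG length = (ULONG)sizeof k_vendor_descriptor;
    (void)request; (void)request_value; (void)request_index;
    if (length > request_length)      length = request_length;
    if (length > CONTROL_BUFFER_SIZE) length = CONTROL_BUFFER_SIZE;
    memcpy(buffer, k_vendor_descriptor, length);
    *transfer_length = length;
    return UX_SUCCESS;
}

/* Stand-in for the stack's handling of a control IN transfer: the control
 * buffer is pre-filled with stale bytes (0xAA) and followed by "adjacent
 * memory" (0xBB). After the callback runs, count how many of the bytes the
 * stack would transmit are not payload. Optionally reports the length the
 * callback asked for through *reported. */
ULONG simulate_leaked_bytes(vendor_request_fn cb, ULONG request_length,
                            ULONG *reported)
{
    UCHAR arena[CONTROL_BUFFER_SIZE * 2];
    ULONG transfer_length = 0, leaked = 0, i;

    memset(arena, 0xAA, CONTROL_BUFFER_SIZE);
    memset(arena + CONTROL_BUFFER_SIZE, 0xBB, CONTROL_BUFFER_SIZE);

    if (cb(0x20 /* constructed vendor code */, 0, 0, request_length,
           arena, &transfer_length) != UX_SUCCESS)
        return 0;
    if (reported) *reported = transfer_length;

    /* Keep the simulation in bounds; a real stack would read past the end. */
    if (transfer_length > sizeof arena) transfer_length = sizeof arena;

    for (i = 0; i < transfer_length; i++)
        if (i >= sizeof k_vendor_descriptor || arena[i] != k_vendor_descriptor[i])
            leaked++;
    return leaked;
}

/* Convenience wrapper returning only the length the callback reported. */
ULONG reported_length(vendor_request_fn cb, ULONG request_length)
{
    ULONG n = 0;
    (void)simulate_leaked_bytes(cb, request_length, &n);
    return n;
}

int main(void)
{
    ULONG leaked_u = simulate_leaked_bytes(vendor_request_unchecked, 100, 0);
    ULONG leaked_c = simulate_leaked_bytes(vendor_request_checked, 100, 0);
    printf("wLength=100 unchecked: %lu non-payload bytes sent (reported %lu)\n",
           leaked_u, reported_length(vendor_request_unchecked, 100));
    printf("wLength=100 checked:   %lu non-payload bytes sent (reported %lu)\n",
           leaked_c, reported_length(vendor_request_checked, 100));
    return 0;
}
```

The clamp in the checked handler is the whole point: the host controls wLength, so a callback that echoes it back, or that reports a fixed length larger than the buffer it was given, turns a control IN transfer into a read of stale buffer contents or adjacent memory. Clamping against the payload size and the buffer capacity, not just against wLength, covers both the host-supplied length and a descriptor that is larger than the stack's buffer.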

Affected Products (1)

Azure

  • Azure Real Time Operating System

Acknowledgments

Szymon Heidrich

Revision History

  • 2021-11-09: Information published.