Description
A buffer overflow vulnerability in stm32_mw_usb_host of STMicroelectronics in versions before 3.5.1 allows an attacker to execute arbitrary code when the descriptor contains more endpoints than USBH_MAX_NUM_ENDPOINTS. The library is typically integrated when using a RTOS such as FreeRTOS on STM32 MCUs.
References (2)
Core 2
Core References
Patch, Third Party Advisory
https://github.com/STMicroelectronics/stm32_mw_usb_host/pull/4
Various Sources
https://github.com/STMicroelectronics/stm32_mw_usb_host
Scores
CVSS v3
6.8
EPSS
0.0149
EPSS Percentile
81.1%
Attack Vector
PHYSICAL
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-120
Status
published
Products (1)
st/stm32_mw_usb_host
Published
Oct 21, 2022
Tracked Since
Feb 18, 2026