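Aggregated CVE and security vulnerability intelligence for all rt-thread related products, including CVSS, EPSS, publication dates and vulnerability intelligence data.
Disclosed issues are commonly related to buffer overflows, path-handling flaws and memory corruption, and can create exposure risks such as application crashes and memory corruption in software deployment and production workload scenarios.
The vulnerability data comes mainly from public vulnerability disclosures and security advisories, and can be used to assess historical vulnerability exposure and remediation priority.
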
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2025-6693 | A vulnerability, which was classified as critical, was found in RT-Thread up to 5.1.0. This affects the function sys_device_open/sys_device_read/sys_device_control/sys_device_init/sys_device_close/sys_device_write of the file components/drivers/core/device.c. The manipulation leads to memory corruption. It is possible to launch the attack on the local host. The vendor was contacted early about this disclosure but did not respond in any way. | [email protected] | 8.5 | 0.25% | 2025-06-26 | 2026-06-17 |
| CVE-2025-5869 | A vulnerability, which was classified as critical, was found in RT-Thread 5.1.0. Affected is the function sys_recvfrom of the file rt-thread/components/lwp/lwp_syscall.c. The manipulation of the argument from leads to memory corruption. | [email protected] | 8.6 | 0.73% | 2025-06-09 | 2026-06-17 |
| CVE-2025-5868 | A vulnerability, which was classified as critical, has been found in RT-Thread 5.1.0. This issue affects the function sys_thread_sigprocmask of the file rt-thread/components/lwp/lwp_syscall.c. The manipulation of the argument how leads to improper validation of array index. | [email protected] | 8.6 | 0.95% | 2025-06-09 | 2026-06-17 |
| CVE-2025-5867 | A vulnerability classified as critical was found in RT-Thread 5.1.0. This vulnerability affects the function csys_sendto of the file rt-thread/components/lwp/lwp_syscall.c. The manipulation of the argument to leads to null pointer dereference. | [email protected] | 8.6 | 0.98% | 2025-06-09 | 2026-06-17 |
| CVE-2025-5866 | A vulnerability classified as critical has been found in RT-Thread 5.1.0. This affects the function sys_sigprocmask of the file rt-thread/components/lwp/lwp_syscall.c. The manipulation of the argument how leads to improper validation of array index. | [email protected] | 8.6 | 0.74% | 2025-06-09 | 2026-06-17 |
| CVE-2025-5865 | A vulnerability was found in RT-Thread 5.1.0. It has been rated as critical. Affected by this issue is the function sys_select of the file rt-thread/components/lwp/lwp_syscall.c of the component Parameter Handler. The manipulation of the argument timeout leads to memory corruption. The vendor explains, that "[t]he timeout parameter should be checked to check if it can be accessed correctly in kernel mode and used temporarily in kernel memory." | [email protected] | 8.6 | 0.78% | 2025-06-09 | 2026-06-17 |
| CVE-2025-1115 | A vulnerability classified as problematic was found in RT-Thread up to 5.1.0. Affected by this vulnerability is the function sys_device_close/sys_device_control/sys_device_find/sys_device_init/sys_device_open/sys_device_read/sys_device_register/sys_device_write/sys_event_delete/sys_event_recv/sys_event_send/sys_mb_delete/sys_mb_recv/sys_mb_send/sys_mb_send_wait/sys_mq_recv/sys_mq_send/sys_mq_urgent/sys_mutex_delete/sys_mutex_release/sys_mutex_take/sys_rt_timer_control/sys_rt_timer_delete/sys_rt_ | [email protected] | 4.8 | 0.28% | 2025-02-08 | 2026-06-17 |
| CVE-2024-25395 | A buffer overflow occurs in utilities/rt-link/src/rtlink.c in RT-Thread through 5.0.2. | [email protected] | 8.8 | 1.01% | 2024-03-26 | 2026-06-17 |
| CVE-2024-25394 | A buffer overflow occurs in utilities/ymodem/ry_sy.c in RT-Thread through 5.0.2 because of an incorrect sprintf call or a missing '\0' character. | [email protected] | 4.3 | 0.64% | 2024-03-26 | 2026-06-17 |
| CVE-2024-25393 | A stack buffer overflow occurs in net/at/src/at_server.c in RT-Thread through 5.0.2. | [email protected] | 9.8 | 1.07% | 2024-03-26 | 2026-06-17 |
| CVE-2024-25392 | An out-of-bounds access occurs in utilities/var_export/var_export.c in RT-Thread through 5.0.2. | [email protected] | 5.9 | 0.28% | 2024-03-26 | 2026-06-17 |
| CVE-2024-25391 | A stack buffer overflow occurs in libc/posix/ipc/mqueue.c in RT-Thread through 5.0.2. | [email protected] | 8.4 | 0.32% | 2024-03-26 | 2026-06-17 |
| CVE-2024-25390 | A heap buffer overflow occurs in finsh/msh_file.c and finsh/msh.c in RT-Thread through 5.0.2. | [email protected] | 8.4 | 0.32% | 2024-03-26 | 2026-06-17 |
| CVE-2024-25389 | RT-Thread through 5.0.2 generates random numbers with a weak algorithm of "seed = 214013L * seed + 2531011L; return (seed >> 16) & 0x7FFF;" in calc_random in drivers/misc/rt_random.c. | [email protected] | 7.5 | 0.82% | 2024-03-26 | 2026-06-17 |
| CVE-2024-25388 | drivers/wlan/wlan_mgmt.c in RT-Thread through 5.0.2 has an integer signedness error and resultant buffer overflow. | [email protected] | 8.4 | 0.32% | 2024-03-26 | 2026-06-17 |
| CVE-2024-24335 | A heap buffer overflow occurs in the dfs_v2 romfs filesystem RT-Thread through 5.0.2. | [email protected] | 8.4 | 0.40% | 2024-03-26 | 2026-06-17 |
| CVE-2024-24334 | A heap buffer overflow occurs in dfs_v2 dfs_file in RT-Thread through 5.0.2. | [email protected] | 8.4 | 0.40% | 2024-03-26 | 2026-06-17 |