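Aggregated CVE and security vulnerability intelligence for all rt-thread related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Disclosed issues are commonly related to buffer overflows, path-handling flaws, and memory corruption, and may introduce exposure risks such as application crashes and memory corruption in software deployment and production workload scenarios.
The vulnerability data comes primarily from public vulnerability disclosures and security advisories, and can be used to assess historical vulnerability exposure and patching priority.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |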
|---|---|---|---|---|---|---|
| CVE-2025-6693 | A vulnerability, which was classified as critical, was found in RT-Thread up to 5.1.0. This affects the function sys_device_open/sys_device_read/sys_device_control/sys_device_init/sys_device_close/sys_device_write of the file components/drivers/core/device.c. The manipulation leads to memory corruption. It is possible to launch the attack on the local host. The vendor was contacted early about this disclosure but did not respond in any way. | [email protected] | 8.5 | 0.25% | 2025-06-26 | 2025-07-11 |
| CVE-2025-5869 | A vulnerability, which was classified as critical, was found in RT-Thread 5.1.0. Affected is the function sys_recvfrom of the file rt-thread/components/lwp/lwp_syscall.c. The manipulation of the argument from leads to memory corruption. | [email protected] | 8.6 | 0.73% | 2025-06-09 | 2025-07-11 |
| CVE-2025-5868 | A vulnerability, which was classified as critical, has been found in RT-Thread 5.1.0. This issue affects the function sys_thread_sigprocmask of the file rt-thread/components/lwp/lwp_syscall.c. The manipulation of the argument how leads to improper validation of array index. | [email protected] | 8.6 | 0.95% | 2025-06-09 | 2025-07-11 |
| CVE-2025-5867 | A vulnerability classified as critical was found in RT-Thread 5.1.0. This vulnerability affects the function csys_sendto of the file rt-thread/components/lwp/lwp_syscall.c. The manipulation of the argument to leads to null pointer dereference. | [email protected] | 8.6 | 0.98% | 2025-06-09 | 2025-07-11 |
| CVE-2025-5866 | A vulnerability classified as critical has been found in RT-Thread 5.1.0. This affects the function sys_sigprocmask of the file rt-thread/components/lwp/lwp_syscall.c. The manipulation of the argument how leads to improper validation of array index. | [email protected] | 8.6 | 0.74% | 2025-06-09 | 2025-07-11 |
| CVE-2025-5865 | A vulnerability was found in RT-Thread 5.1.0. It has been rated as critical. Affected by this issue is the function sys_select of the file rt-thread/components/lwp/lwp_syscall.c of the component Parameter Handler. The manipulation of the argument timeout leads to memory corruption. The vendor explains, that "[t]he timeout parameter should be checked to check if it can be accessed correctly in kernel mode and used temporarily in kernel memory." | [email protected] | 8.6 | 0.78% | 2025-06-09 | 2025-07-11 |
| CVE-2025-1115 | A vulnerability classified as problematic was found in RT-Thread up to 5.1.0. Affected by this vulnerability is the function sys_device_close/sys_device_control/sys_device_find/sys_device_init/sys_device_open/sys_device_read/sys_device_register/sys_device_write/sys_event_delete/sys_event_recv/sys_event_send/sys_mb_delete/sys_mb_recv/sys_mb_send/sys_mb_send_wait/sys_mq_recv/sys_mq_send/sys_mq_urgent/sys_mutex_delete/sys_mutex_release/sys_mutex_take/sys_rt_timer_control/sys_rt_timer_delete/sys_rt_ | [email protected] | 4.8 | 0.28% | 2025-02-08 | 2025-11-04 |
| CVE-2024-25395 | A buffer overflow occurs in utilities/rt-link/src/rtlink.c in RT-Thread through 5.0.2. | [email protected] | 8.8 | 1.01% | 2024-03-27 | 2025-11-04 |
| CVE-2024-25394 | A buffer overflow occurs in utilities/ymodem/ry_sy.c in RT-Thread through 5.0.2 because of an incorrect sprintf call or a missing '\0' character. | [email protected] | 4.3 | 0.64% | 2024-03-27 | 2025-11-04 |
| CVE-2024-25393 | A stack buffer overflow occurs in net/at/src/at_server.c in RT-Thread through 5.0.2. | [email protected] | 9.8 | 1.07% | 2024-03-27 | 2025-11-04 |
| CVE-2024-25392 | An out-of-bounds access occurs in utilities/var_export/var_export.c in RT-Thread through 5.0.2. | [email protected] | 5.9 | 0.28% | 2024-03-27 | 2025-11-04 |
| CVE-2024-25391 | A stack buffer overflow occurs in libc/posix/ipc/mqueue.c in RT-Thread through 5.0.2. | [email protected] | 8.4 | 0.32% | 2024-03-27 | 2025-11-04 |
| CVE-2024-25390 | A heap buffer overflow occurs in finsh/msh_file.c and finsh/msh.c in RT-Thread through 5.0.2. | [email protected] | 8.4 | 0.32% | 2024-03-27 | 2025-11-04 |
| CVE-2024-25389 | RT-Thread through 5.0.2 generates random numbers with a weak algorithm of "seed = 214013L * seed + 2531011L; return (seed >> 16) & 0x7FFF;" in calc_random in drivers/misc/rt_random.c. | [email protected] | 7.5 | 0.82% | 2024-03-27 | 2025-11-04 |
| CVE-2024-25388 | drivers/wlan/wlan_mgmt.c in RT-Thread through 5.0.2 has an integer signedness error and resultant buffer overflow. | [email protected] | 8.4 | 0.32% | 2024-03-27 | 2025-11-04 |
| CVE-2024-24335 | A heap buffer overflow occurs in the dfs_v2 romfs filesystem in RT-Thread through 5.0.2. | [email protected] | 8.4 | 0.40% | 2024-03-27 | 2025-11-04 |
| CVE-2024-24334 | A heap buffer overflow occurs in dfs_v2 dfs_file in RT-Thread through 5.0.2. | [email protected] | 8.4 | 0.40% | 2024-03-27 | 2025-04-30 |