GCVE - cpe:2.3:o:eclipse:threadx_usbx:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:o:eclipse:threadx_usbx:*:*:*:*:*:*:*:*

part: o version: * update: *

Vendor	Eclipse (`fa988180-604e-5c1f-93ea-65b5297000fc`)
Product	Threadx Usbx (`0753cd1a-b2bd-5863-b447-bfa7f5c8f877`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from purl2cpe mapping

PURL mappings

PURL	Source	Last updated
`pkg:github/eclipse-threadx/usbx`	purl2cpe	2026-06-01 10:15:03.162747

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2025-55100`	vulnerable	2026-06-03 15:04:57.650641	Potential out-of-bounds read in _ux_host_class_audio10_sam_parse_func() In USBX before 6.4.3, the USB support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in _ux_host_class_audio10_sam_parse_func() when parsing a list of sampling frequencies. Published: 2025-10-17T05:40:10.333Z Updated: 2025-10-17T13:11:00.258Z Open on db.gcve.eu Reference links https://github.com/eclipse-threadx/usbx/security/advisories/GHSA-j253-w29r-9m48	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-55099`	vulnerable	2026-06-03 15:04:57.650170	Potential out-of-bounds read in _ux_host_class_audio_alternate_setting_locate() In USBX before 6.4.3, the USB support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in _ux_host_class_audio_alternate_setting_locate() when parsing a descriptor with attacker-controlled frequency fields. Published: 2025-10-17T05:38:30.900Z Updated: 2025-10-17T13:13:12.730Z Open on db.gcve.eu Reference links https://github.com/eclipse-threadx/usbx/security/advisories/GHSA-93mv-fcpr-9488	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-55098`	vulnerable	2026-06-03 15:04:57.649651	Potential out-of-bounds read in _ux_host_class_audio_device_type_get() In USBX before 6.4.3, the USB support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in _ux_host_class_audio_device_type_get() when parsing a descriptor of an USB audio device. Published: 2025-10-17T05:36:59.542Z Updated: 2025-10-17T14:14:20.773Z Open on db.gcve.eu Reference links https://github.com/eclipse-threadx/usbx/security/advisories/GHSA-4jc2-x5hv-46fq	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-55097`	vulnerable	2026-06-03 15:04:57.649063	Potential out-of-bounds read in _ux_host_class_audio_streaming_sampling_get() In USBX before 6.4.3, the USB support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in _ux_host_class_audio_streaming_sampling_get() when parsing a descriptor of an USB streaming device. Published: 2025-10-17T05:35:02.744Z Updated: 2025-10-17T13:15:56.507Z Open on db.gcve.eu Reference links https://github.com/eclipse-threadx/usbx/security/advisories/GHSA-r6h5-fmhc-v3j7	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-55096`	vulnerable	2026-06-03 15:04:57.646945	Inadequate bounds check and potential underflow in _ux_host_class_hid_report_descriptor_get() In USBX before 6.4.3, the USB support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in _ux_host_class_hid_report_descriptor_get() when parsing a descriptor of an USB HID device. Published: 2025-10-17T05:32:45.567Z Updated: 2025-10-17T13:20:44.212Z Open on db.gcve.eu Reference links https://github.com/eclipse-threadx/usbx/security/advisories/GHSA-8m9v-jvjp-gmxq	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.