GCVE - cpe:2.3:a:eclipse_foundation:usbx:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:eclipse_foundation:usbx:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Eclipse Foundation (`2c315c48-0111-5572-bbde-cc70cfafb2e9`)
Product	Usbx (`c250863e-4723-5fd4-8d02-53a020e4b549`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2025-55100`	vulnerable	2026-06-03 15:04:57.650498	Potential out-of-bounds read in _ux_host_class_audio10_sam_parse_func() In USBX before 6.4.3, the USB support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in _ux_host_class_audio10_sam_parse_func() when parsing a list of sampling frequencies. Published: 2025-10-17T05:40:10.333Z Updated: 2025-10-17T13:11:00.258Z Open on db.gcve.eu Reference links https://github.com/eclipse-threadx/usbx/security/advisories/GHSA-j253-w29r-9m48	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-55099`	vulnerable	2026-06-03 15:04:57.650002	Potential out-of-bounds read in _ux_host_class_audio_alternate_setting_locate() In USBX before 6.4.3, the USB support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in _ux_host_class_audio_alternate_setting_locate() when parsing a descriptor with attacker-controlled frequency fields. Published: 2025-10-17T05:38:30.900Z Updated: 2025-10-17T13:13:12.730Z Open on db.gcve.eu Reference links https://github.com/eclipse-threadx/usbx/security/advisories/GHSA-93mv-fcpr-9488	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-55098`	vulnerable	2026-06-03 15:04:57.649490	Potential out-of-bounds read in _ux_host_class_audio_device_type_get() In USBX before 6.4.3, the USB support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in _ux_host_class_audio_device_type_get() when parsing a descriptor of an USB audio device. Published: 2025-10-17T05:36:59.542Z Updated: 2025-10-17T14:14:20.773Z Open on db.gcve.eu Reference links https://github.com/eclipse-threadx/usbx/security/advisories/GHSA-4jc2-x5hv-46fq	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-55097`	vulnerable	2026-06-03 15:04:57.649001	Potential out-of-bounds read in _ux_host_class_audio_streaming_sampling_get() In USBX before 6.4.3, the USB support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in _ux_host_class_audio_streaming_sampling_get() when parsing a descriptor of an USB streaming device. Published: 2025-10-17T05:35:02.744Z Updated: 2025-10-17T13:15:56.507Z Open on db.gcve.eu Reference links https://github.com/eclipse-threadx/usbx/security/advisories/GHSA-r6h5-fmhc-v3j7	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.