PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, the BST telemetry probe writes a string terminator using a device-provided length without bounds. A malicious BST device can report an oversized dev_name_len, causing a stack overflow in the driver and crashing the task (or enabling code execution).
This vulnerability is fixed in 1.17.0-rc2.
Attack Parameters
Attack Vector
Physical
Requires physical access
Attack Complexity
Low
Easy to exploit
Privileges Required
None
No privileges needed
User Interaction
None
No user interaction needed
Impact Assessment
Confidentiality
High
Complete data leak
Integrity
High
Complete data modification
Availability
High
Complete denial of service
CVSS Vector v3.1
Weakness Type (CWE)
Vulnerable Products 4
| Configuration | From (including) | Up to (excluding) |
|---|---|---|
|
Dronecode Px4_Drone_Autopilot
cpe:2.3:a:dronecode:px4_drone_autopilot:*:*:*:*:*:*:*:*
|
— |
1.17.0
|
|
Dronecode Px4_Drone_Autopilot
cpe:2.3:a:dronecode:px4_drone_autopilot:1.17.0:alpha1:*:*:*:*:*:*
|
— | — |
|
Dronecode Px4_Drone_Autopilot
cpe:2.3:a:dronecode:px4_drone_autopilot:1.17.0:beta1:*:*:*:*:*:*
|
— | — |
|
Dronecode Px4_Drone_Autopilot
cpe:2.3:a:dronecode:px4_drone_autopilot:1.17.0:rc1:*:*:*:*:*:*
|
— | — |