ThreadX, a real-time operating system (RTOS) that serves as firmware for the Marvell Avastar Wi-Fi chipset, contains a major vulnerability that can enable remote code execution on affected systems, a researcher has reported.
Product lines that use Marvell Avastar and thus are potentially endangered by the vulnerability include the Sony PlayStation 4 and Xbox One gaming consoles, the Microsoft Surface (+Pro) tablet and laptop, Samsung's Chromebook laptop/tablet and Galaxy J1 smartphones, and Valve SteamLink cast devices.
Embedi researcher Denis Selianin detailed the vulnerability in a Jan. 18 company blog post that linked to a slide presentation from the November ZeroNights 2018 cyber conference. Selianin identified the issue as a ThreadX block pool overflow condition that can be triggered whenever the device scans for available networks, without any user interaction or any knowledge of a Wi-Fi network name or passphrase/key – even when a device isn't connected to a network. In essence, attackers can exploit the bug by overwriting code or function pointers pertaining to free blocks of memory.
According to Selianin's presentation, ThreadX developer Express Logic was notified of the issue last May, but a fix is still in progress. SC Media has reached out to Express Logic for comment.