CVE-2025-5865 HIGH

CVE-2025-5865: RT-Thread Parameter lwp_syscall.c sys_select memory corruption

Vendor N/A
Product RT-Thread
Weakness CWE-119
Published June 9, 2025
Last update June 9, 2025

CVSS base score

8.6/10
Attack vector Adjacent
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X

What the vulnerability does

01Description

A vulnerability was found in RT-Thread 5.1.0. It has been rated as critical. Affected by this issue is the function sys_select of the file rt-thread/components/lwp/lwp_syscall.c of the component Parameter Handler. The manipulation of the argument timeout leads to memory corruption. The vendor explains, that "[t]he timeout parameter should be checked to check if it can be accessed correctly in kernel mode and used temporarily in kernel memory."

Key dates

02Disclosure timeline

June 9, 2025 CVE published
June 9, 2025 Record updated