ByteOS Network

NVD Vulnerability Details :

CVE-2025-55095

Awaiting Analysis

Source-emo@eclipse.org

Published At-27 Jan, 2026 | 16:16

Updated At-29 Jan, 2026 | 16:31

The function _ux_host_class_storage_media_mount() is responsible for mounting partitions on a USB mass storage device. When it encounters an extended partition entry in the partition table, it recursively calls itself to mount the next logical partition. This recursion occurs in _ux_host_class_storage_partition_read(), which parses up to four partition entries. If an extended partition is found (with type UX_HOST_CLASS_STORAGE_PARTITION_EXTENDED or EXTENDED_LBA_MAPPED), the code invokes: _ux_host_class_storage_media_mount(storage, sector + _ux_utility_long_get(...)); There is no limit on the recursion depth or tracking of visited sectors. As a result, a malicious or malformed disk image can include cyclic or excessively deep chains of extended partitions, causing the function to recurse until stack overflow occurs.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.1	4.2	MEDIUM	CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L

Type: Secondary

Version: 3.1

Base score: 4.2

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L

Weaknesses

CWE ID	Type	Source
CWE-121	Primary	emo@eclipse.org
CWE-674	Primary	emo@eclipse.org

CWE ID: CWE-121

Type: Primary

Source: emo@eclipse.org

CWE ID: CWE-674

Type: Primary

Source: emo@eclipse.org

References

Hyperlink	Source	Resource
https://github.com/eclipse-threadx/usbx/security/advisories/GHSA-qfmp-wch9-rpv2	emo@eclipse.org	N/A

Hyperlink: https://github.com/eclipse-threadx/usbx/security/advisories/GHSA-qfmp-wch9-rpv2

Source: emo@eclipse.org

Resource: N/A

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History