Description

The function _ux_host_class_storage_media_mount() is responsible for mounting partitions on a USB mass storage device. When it encounters an extended partition entry in the partition table, it recursively calls itself to mount the next logical partition. This recursion occurs in _ux_host_class_storage_partition_read(), which parses up to four partition entries. If an extended partition is found (with type UX_HOST_CLASS_STORAGE_PARTITION_EXTENDED or EXTENDED_LBA_MAPPED), the code invokes: _ux_host_class_storage_media_mount(storage, sector + _ux_utility_long_get(...)); There is no limit on the recursion depth or tracking of visited sectors. As a result, a malicious or malformed disk image can include cyclic or excessively deep chains of extended partitions, causing the function to recurse until stack overflow occurs.

INFO

Published Date :

2026-01-27T15:34:47.755Z

Last Modified :

2026-01-27T15:58:14.494Z

Source :

eclipse
AFFECTED PRODUCTS

The following products are affected by CVE-2025-55095 vulnerability.

Vendors Products
Eclipse
  • Threadx Usbx
  • Usbx
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-55095.

URL Resource
https://github.com/eclipse-threadx/usbx/security/advisories/GHSA-qfmp-wch9-rpv2 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact