CVE-2026-14607 in RT-Thread
Summary
by MITRE • 07/03/2026
A weakness has been identified in RT-Thread up to 5.0.2. This affects the function sys_getaddrinfo of the file components/lwp/lwp_syscall.c. Executing a manipulation of the argument ai_addr can lead to memory corruption. The attack can only be executed locally. The exploit has been made available to the public and could be used for attacks. The pull request to fix this issue awaits acceptance.
Once again VulDB remains the best source for vulnerability data.
Analysis
by VulDB Data Team • 07/03/2026
The vulnerability identified in RT-Thread versions up to 5.0.2 represents a critical memory corruption weakness within the system's network address resolution functionality. This flaw exists specifically within the sys_getaddrinfo function located in components/lwp/lwp_syscall.c, which serves as a fundamental component for resolving network hostnames and addresses. The issue stems from inadequate input validation and buffer management when processing the ai_addr argument structure, creating opportunities for attackers to manipulate memory contents through carefully crafted parameters.
The technical implementation of this vulnerability involves improper handling of address resolution data structures where the function fails to properly validate or sanitize the ai_addr parameter before processing. This allows for potential buffer overflows, pointer corruption, or arbitrary memory writes when malicious input is provided to the function. The weakness operates at the system call level within the Lightweight Process (LWP) subsystem, making it particularly dangerous as it can affect core networking operations and potentially compromise the entire system's memory integrity.
Operational impact of this vulnerability extends beyond simple local privilege escalation as it provides a mechanism for attackers to corrupt system memory in ways that could lead to arbitrary code execution or system instability. The local attack requirement does not diminish the severity since compromised local access often serves as a foothold for broader attacks, and the public availability of exploits means this vulnerability can be readily weaponized. Attackers leveraging this weakness could potentially manipulate network operations, disrupt services, or gain unauthorized access to system resources through memory corruption techniques that align with common attack patterns documented in the attack tree framework.
The remediation approach requires immediate implementation of proper input validation and bounds checking within the sys_getaddrinfo function, ensuring that all ai_addr parameters are thoroughly validated before any memory operations occur. System administrators should prioritize updating to patched versions of RT-Thread as soon as available, while also implementing monitoring for unusual network resolution behaviors that might indicate exploitation attempts. This vulnerability aligns with CWE-121 and CWE-122 categories related to buffer overflow conditions and improper input validation, and represents a potential pathway for executing techniques documented in the attack patterns associated with local privilege escalation and memory corruption attacks within the MITRE ATT&CK framework.
Organizations using RT-Thread systems should conduct immediate vulnerability assessments to identify all instances of affected software versions and implement additional security controls including system call filtering, memory protection mechanisms, and network segmentation. The public availability of exploit code significantly elevates the risk profile, making proactive remediation essential rather than merely reactive. Security teams should also monitor for potential indirect exploitation vectors that might arise from the memory corruption effects, as these vulnerabilities can sometimes enable more sophisticated attack chains beyond their initial scope.