About the cpe information for Azure RTOS and ThreadX

Ge Ren 20 Reputation points
2024-02-09T08:54:18.7466667+00:00

Hello Microsoft Support Team, I am an engineer from Japan. I have several questions about Azure RTOS 6.1.3 and ThreadX 6.1.3. In this moment, we can find 5 CVE for cpe:2.3:o:microsoft:azure_real_time_operating_system:6.1.3:::::::* and 1 CVE for cpe:2.3:o:microsoft:azure_rtos_threadx:6.1.3:::::*:

We want to know that will the 5 CVE for Azure RTOS affects ThreadX. Another question is that we find that the cpe for ThreadX is created in 2023/12. And cpe for Azure RTOS is created in 2021/11. So, we want to know that is there any change in policy about the vulnerability management for Azure RTOS.

Thank you.

Azure RTOS
Azure RTOS
An Azure embedded development suite including a small but powerful operating system for resource-constrained devices.
324 questions
Accepted answer
  1. LeelaRajeshSayana-MSFT 13,471 Reputation points
    2024-02-20T21:03:48.2733333+00:00

    Hi @Ge Ren Greetings! Welcome to Microsoft Q&A forum. Thank you for posting this question here.

    will the 5 CVE for Azure RTOS affects ThreadX

    Regarding this question, I would like to point that ThreadX is one of the components of Azure RTOS. In addition to ThreadX, Azure RTOS also offers FileX, USBX, TraceX, NetX and GUIX functionalities. Here is an overview of each of the Components of Azure RTOS The diagram of Azure RTOS system components.

    The CVEs identified on Azure RTOS could have an impact on any of these components. The impact area depends on the CVEs identified. It is hard to pinpoint specific components impacted for each of those CVE without knowing more details.

    Is there any change in policy about the vulnerability management for Azure RTOS

    The difference in dates could be due to the difference release dates between Azure RTOS and its components. I would also like to point that the latest version of Azure RTOS ThreadX is 6.4.0. Please also note that, during Q1 2024 Azure RTOS will transition to an open-source model. The open-source project is under the stewardship of the Eclipse Foundation. With Eclipse Foundation as the new home, Azure RTOS becomes Eclipse ThreadX. The latest version Azure RTOS is 6.2.0

    Please ensure to update to the latest versions of the product to overcome any security vulnerabilities identified in the platform.

    Hope this answers your questions! Please let us know if you need any additional information on this.

    If the response helped, please do click Accept Answer and Yes for the answer provided. Doing so would help other community members with similar issue identify the solution. I highly appreciate your contribution to the community.

    1 person found this answer helpful.

1 additional answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Q&A Assist
    2024-02-09T08:54:18.75+00:00
    AI generated content. This question contains an answer created with AI from Q&A Assist. Learn more

    Azure RTOS ThreadX is a component of Azure RTOS, and it is designed to be a highly secure and reliable real-time operating system for embedded applications. The CVEs for Azure RTOS and ThreadX are separate and distinct, so the CVEs for Azure RTOS should not affect ThreadX. As for the change in policy about vulnerability management for Azure RTOS, there is no information available in the provided context to answer this question.

    References:

    0 comments