Утверждение насчет ThreadX оказалось ошибочным. Проблема, как выяснилось, не имеет отношения к ThreadX. Проблема в ошибках в коде F/W самого Marvell WIFI chipseta. Опровержение насчет ThreadX уже опровергнуто самим исследователем (Денисом Селяниным), но, как всегда, опровержение уже никто не читает и не
распространяет.
https://www.zdnet.com/article/wifi-firmware-bug-affects-lapt.../
"...The article's text has been updated on January 22 to highlight that the security issue resides solely in Avastar's own implementation running on top
of the ThreadX RTOS, and not ThreadX itself. The update was made based on an official statement received by ZDNet from Express Logic, the company behind
the ThreadX RTOS. The most relevant part of the statement has been embedded below, for the clarity and transparency of our reporting:
After analyzing the report and media statements regarding the ThreadX-related aspect, we consulted with the author of the initial security analysis who
suggested that some of the media reports may have misunderstood the angle and that the security issues described in the original article were not rooted
in ThreadX itself. The bottom line is that this vulnerability is not a systemic problem in the ThreadX RTOS. The application firmware and drivers running
on the Avastar 88W8897 SoC are solely responsible for and have complete control over the memory corruption cited in this report. In fact, the problem as
described could occur on any RTOS, OS, or even without an RTOS. In summary, the vulnerability cited by the author lies with the application firmware, and
has absolutely nothing to do with the ThreadX RTOS itself. Hence, none of the extensive 6.2 billion deployments using the ThreadX RTOS are in any way
compromised by the ThreadX RTOS code or behavior. This is entirely an application firmware issue.
..."
