Hi @Ge Ren Greetings! Welcome to Microsoft Q&A forum. Thank you for posting this question here.
will the 5 CVE for Azure RTOS affects ThreadX
Regarding this question, I would like to point that ThreadX
is one of the components of Azure RTOS
. In addition to ThreadX, Azure RTOS also offers FileX, USBX, TraceX, NetX and GUIX functionalities. Here is an overview of each of the Components of Azure RTOS
The CVEs identified on Azure RTOS could have an impact on any of these components. The impact area depends on the CVEs identified. It is hard to pinpoint specific components impacted for each of those CVE without knowing more details.
Is there any change in policy about the vulnerability management for Azure RTOS
The difference in dates could be due to the difference release dates between Azure RTOS and its components. I would also like to point that the latest version of Azure RTOS ThreadX is 6.4.0. Please also note that, during Q1 2024 Azure RTOS will transition to an open-source model. The open-source project is under the stewardship of the Eclipse Foundation. With Eclipse Foundation as the new home, Azure RTOS becomes Eclipse ThreadX. The latest version Azure RTOS is 6.2.0
Please ensure to update to the latest versions of the product to overcome any security vulnerabilities identified in the platform.
Hope this answers your questions! Please let us know if you need any additional information on this.
If the response helped, please do click Accept Answer and Yes for the answer provided. Doing so would help other community members with similar issue identify the solution. I highly appreciate your contribution to the community.