Description
Firmament-Autopilot FMT-Firmware commit de5aec was discovered to contain a buffer overflow via the task_mavobc_entry function at /comm/task_comm.c.
Published: 2026-05-13
Score: 7.3 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The firmware contains a stack-based buffer overflow in the task_mavobc_entry function located in comm/task_comm.c. The description indicates that excessive data written beyond the intended buffer can corrupt adjacent memory. While the CVE description does not specify the exact input or method an attacker would use, it is inferred that an attacker who can supply data to this function could overwrite the stack and potentially execute arbitrary code.

Affected Systems

The affected product is Firmament‑Autopilot FMT‑Firmware. Builds at commit de5aec or earlier include the vulnerable code. No specific firmware revision numbers are provided, so any firmware that has not been updated past this commit is at risk.

Risk and Exploitability

Because the vulnerability is a classic buffer overflow, the likely attack vector is attacker-supplied input that reaches the task_mavobc_entry function and overflows the buffer. The impact could be high if malicious input reaches the function. The CVSS score is 7.3, the EPSS score is <1%, and the vulnerability is not listed in KEV. No documented exploits are referenced, but the inherent nature of a stack-based overflow suggests that risk remains significant for systems that accept external input processed by this function.

Generated by OpenCVE AI on May 14, 2026 at 20:42 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Firmament‑Autopilot FMT‑Firmware to a version that removes or corrects the task_mavobc_entry code.
  • If a newer firmware release is unavailable, apply a patch that implements proper bounds checking or otherwise sanitizes input to the task_mavobc_entry function.
  • Limit or block external input that can be routed to task_mavobc_entry, ensuring only trusted data is processed.

Advisories

No advisories yet.

History

Sun, 17 May 2026 20:30:00 +0000

Type Values Removed Values Added
First Time appeared Firmament-autopilot
Firmament-autopilot fmt-firmware
Vendors & Products Firmament-autopilot
Firmament-autopilot fmt-firmware

Thu, 14 May 2026 21:00:00 +0000

Type Values Removed Values Added
Title Firmament‑Autopilot FMT‑Firmware Buffer Overflow in task_mavobc_entry

Thu, 14 May 2026 19:00:00 +0000

Type Values Removed Values Added
Title Buffer Overflow in Firmament‑Autopilot FMT‑Firmware task_mavobc_entry
Weaknesses CWE-122

Thu, 14 May 2026 16:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-120
Metrics cvssV3_1

{'score': 7.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 13 May 2026 18:30:00 +0000

Type Values Removed Values Added
Title Buffer Overflow in Firmament‑Autopilot FMT‑Firmware task_mavobc_entry
Weaknesses CWE-122

Wed, 13 May 2026 15:15:00 +0000

Type Values Removed Values Added
Description Firmament-Autopilot FMT-Firmware commit de5aec was discovered to contain a buffer overflow via the task_mavobc_entry function at /comm/task_comm.c.

MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-05-14T15:50:18.042Z

Reserved: 2024-12-06T00:00:00.000Z

Link: CVE-2024-55045

Vulnrichment

Updated: 2026-05-14T15:49:03.971Z

NVD

Status: Deferred

Published: 2026-05-13T16:16:34.780

Modified: 2026-05-14T16:16:18.397

Link: CVE-2024-55045

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-17T19:42:18Z
