In Eclipse ThreadX before version 6.4.3, an attacker can cause a denial of service (crash) by providing a pointer to a reserved or unmapped memory region. Vulnerable system calls had a check of pointers, but that check wasn't verifying whether the pointer is outside the module memory region.
Exploitability
AV:LAC:LAT:PPR:LUI:NVulnerable System
VC:NVI:NVA:HSubsequent System
SC:NSI:NSA:N5.7/CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:NOther