CVE-2024-55045 Overview
CVE-2024-55045 is a buffer overflow vulnerability in Firmament-Autopilot FMT-Firmware at commit de5aec. The flaw resides in the task_mavobc_entry function located in /comm/task_comm.c. FMT-Firmware is an open-source autopilot system used in unmanned aerial vehicles (UAVs) and other autonomous platforms. The vulnerability is classified under [CWE-120] (Buffer Copy without Checking Size of Input). Attackers can exploit the issue over the network without authentication or user interaction, potentially affecting the confidentiality, integrity, and availability of the autopilot firmware.
Critical Impact
A network-reachable buffer overflow in autopilot firmware can corrupt memory in safety-critical flight control logic, leading to crashes or unpredictable vehicle behavior.
Affected Products
- Firmament-Autopilot FMT-Firmware
- Source commit de5aec
- Component: /comm/task_comm.c — task_mavobc_entry function
Discovery Timeline
- 2026-05-13 - CVE-2024-55045 published to NVD
- 2026-05-14 - Last updated in NVD database
Technical Details for CVE-2024-55045
Vulnerability Analysis
The vulnerability is a classic buffer overflow inside the task_mavobc_entry function of FMT-Firmware's communication subsystem. The function processes MAVLink-related obstacle communication data within a task context. Insufficient bounds checking allows incoming data to exceed the destination buffer's allocated size. Because the vulnerable code path is reachable through the firmware's communication channel, attackers can trigger the overflow remotely. Memory corruption in an autopilot task can affect the confidentiality, integrity, and availability of the running firmware.
Root Cause
The root cause is missing or inadequate input length validation before copying data into a fixed-size stack or static buffer within task_mavobc_entry. The function trusts inbound message sizes from the communication channel and writes past the end of the destination buffer. This pattern matches [CWE-120], where the program copies input without checking the size of the destination.
Attack Vector
The attack vector is network-based and requires no privileges or user interaction. An attacker capable of delivering crafted communication packets to the FMT-Firmware communication task can trigger the overflow. Successful exploitation can corrupt adjacent memory, crash the autopilot task, or alter program control flow depending on the firmware build and toolchain hardening.
No verified public proof-of-concept code is available. Technical details and reproduction context are tracked in the FMT-Firmware GitHub Issue 133.
Detection Methods for CVE-2024-55045
Indicators of Compromise
- Unexpected resets, watchdog triggers, or task crashes in the FMT-Firmware communication subsystem.
- Malformed or oversized MAVLink-style messages directed at the autopilot communication channel.
- Anomalous telemetry gaps or loss of obstacle communication data during flight operations.
Detection Strategies
- Inspect inbound communication payloads for length fields that exceed expected protocol bounds.
- Review firmware logs for faults originating in task_mavobc_entry or adjacent communication tasks.
- Audit deployed FMT-Firmware builds and flag any image derived from commit de5aec or earlier without a fix applied.
Monitoring Recommendations
- Capture and analyze ground-station-to-vehicle traffic for protocol anomalies and oversized frames.
- Monitor companion computers and gateways that forward MAVLink traffic for repeated malformed packets.
- Alert on repeated autopilot task restarts that correlate with external communication activity.
How to Mitigate CVE-2024-55045
Immediate Actions Required
- Identify all UAV and robotics platforms running FMT-Firmware builds based on commit de5aec.
- Restrict network and radio access to the autopilot communication interface to trusted ground stations only.
- Track the FMT-Firmware GitHub Issue 133 for upstream remediation status.
Patch Information
No official vendor patch has been published in the referenced advisory at the time of NVD publication. Operators should monitor the upstream Firmament-Autopilot repository for a corrective commit addressing task_mavobc_entry in /comm/task_comm.c. Once available, rebuild firmware from a patched revision and reflash affected vehicles following standard validation procedures.
Workarounds
- Disable or firewall the affected communication channel where the MAVLink obstacle task is not operationally required.
- Place the autopilot behind a vetted gateway that validates message lengths and rejects malformed frames.
- Apply a local source patch enforcing length validation in task_mavobc_entry prior to any buffer copy.
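The length validation named in the detection strategies and workarounds above, sketched as an added example (not FMT-Firmware code and not the upstream fix). It checks the sender-controlled MAVLink length field against a per-message limit and the destination capacity before any copy. The function name, verdict names, and allowlist are assumptions, and the sample frame is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

enum verdict { FRAME_OK, FRAME_TRUNCATED, FRAME_BAD_MAGIC,
               FRAME_UNKNOWN_MSG, FRAME_OVERSIZED, FRAME_NO_ROOM };

/* Assumed allowlist: message id -> largest payload the consumer accepts. */
static const struct { uint32_t id; uint8_t max_len; } LIMITS[] = {
    { 0, 9 },   /* HEARTBEAT */
    { 30, 28 }, /* ATTITUDE */
    { 76, 33 }, /* COMMAND_LONG */
};

/* Constructed sample: v1 HEARTBEAT header that declares 200 payload bytes. */
static const uint8_t SAMPLE_OVERSIZED[] = { 0xFE, 200, 0, 1, 1, 0 };

/* Check one MAVLink v1/v2 frame in buf[0..n) and copy its payload into dst
 * only after every length check passes. Checksum and signature verification
 * are out of scope for this example. */
enum verdict check_and_copy(const uint8_t *buf, size_t n,
                            uint8_t *dst, size_t dst_cap, size_t *out_len)
{
    size_t hdr, trailer = 2; /* 2-byte checksum follows the payload */
    uint32_t id;
    int known = 0;
    if (n < 2) return FRAME_TRUNCATED;
    uint8_t len = buf[1]; /* sender-controlled length field */
    if (buf[0] == 0xFE) { /* MAVLink v1: 6-byte header, 1-byte message id */
        hdr = 6;
        if (n < hdr) return FRAME_TRUNCATED;
        id = buf[5];
    } else if (buf[0] == 0xFD) { /* MAVLink v2: 10-byte header, 3-byte id */
        hdr = 10;
        if (n < hdr) return FRAME_TRUNCATED;
        if (buf[2] & 0x01) trailer += 13; /* signed frames add 13 bytes */
        id = (uint32_t)buf[7] | (uint32_t)buf[8] << 8 | (uint32_t)buf[9] << 16;
    } else return FRAME_BAD_MAGIC;
    for (size_t i = 0; i < sizeof LIMITS / sizeof LIMITS[0]; i++)
        if (LIMITS[i].id == id) {
            if (len > LIMITS[i].max_len) return FRAME_OVERSIZED;
            known = 1;
        }
    if (!known) return FRAME_UNKNOWN_MSG;
    if (n < hdr + len + trailer) return FRAME_TRUNCATED; /* declared > received */
    if (len > dst_cap) return FRAME_NO_ROOM; /* never write past dst */
    memcpy(dst, buf + hdr, len);
    *out_len = len;
    return FRAME_OK;
}
```

Any verdict other than FRAME_OK is a candidate for logging at the gateway, which also feeds the monitoring recommendations on repeated malformed packets.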
```bash
# Configuration example: rebuild FMT-Firmware from a patched source tree
git clone https://github.com/Firmament-Autopilot/FMT-Firmware.git
cd FMT-Firmware
# Check out a revision that includes the fix for task_mavobc_entry
git checkout <patched-commit-or-tag>
# Rebuild and reflash per project documentation
scons --target=<your_target>
```