Please advise when azrtos packs for F4 F7 and H7 are going to be refreshed

Alec Davis 2021 · ‎2023-11-22

Microsoft's netxduo is at version 6.3.0 released 23rd October 2023 see https://github.com/azure-rtos/netxduo/releases/tag/v6.3.0_rel

The STM32H7 netxduo is at 6.2.0, committed on 5th April 2023 https://github.com/STMicroelectronics/x-cube-azrtos-H7/tags

I am chasing an issue https://github.com/azure-rtos/netxduo/issues/177 where Microsoft has suggested upgrading to netxduo 6.3.0. Note the same code when run on a Renesas RX72N runs fine.

Some of the other available packs are nearly 18 months old.

The F4 pack was committed on 13th July 2022 https://github.com/STMicroelectronics/x-cube-azrtos-f4/tags

The F7 pack was committed on 2nd July 2022 https://github.com/STMicroelectronics/x-cube-azrtos-f7/tags

Pavel A. · ‎2023-11-23

Maybe it's worth to wait a little more for a version rebranded by Eclipse Foundation

Amel NASRI · ‎2023-11-24

Hi @Alec Davis 2021 ,

I tracked your request in an internal ticket, and I can confirm that X-CUBE-AZRTOS-H7 and X-CUBE-AZRTOS-F4 will be updated to support AzureRTOS 6.3.0 but not in the near future.

Internal ticket number: 167015 (This is an internal tracking number and is not accessible or usable by customers).

-Amel

To give better visibility on the answered topics, please click on Accept as Solution on the reply which solved your issue or answered your question.

Alec Davis 2021 · ‎2023-11-26

I accept that the H7 pack may not be refreshed for a while as it's at Azure RTOS version 6.2.0, and Microsoft only release 6.3.0 about 1 month ago.

But the F4 and F7 packs are at Azure RTOS version 6.1.10 which is out of sync with the H7 pack

We have development boards for all 3 processors F4, F7 and H7

Alec Davis 2021 · ‎2023-12-17

@Amel NASRI wrote:
Hi @Alec Davis 2021 ,
I tracked your request in an internal ticket, and I can confirm that X-CUBE-AZRTOS-H7 and X-CUBE-AZRTOS-F4 will be updated to support AzureRTOS 6.3.0 but not in the near future.
Internal ticket number: 167015 (This is an internal tracking number and is not accessible or usable by customers).
-Amel

These updates have become Critical, in fact they need to be updated to use NetxDuo 6.3.0

Azure RTOS NetX Duo Remote Code Execution Vulnerability

Description

Impact
An attacker can cause remote code execution due to memory overflow vulnerabilities in Azure RTOS NETX Duo.

Affected Components
The affected components include processes/functions related to icmp, tcp, snmp, dhcp, nat and ftp in RTOS v6.2.1 and below. The fixes have been included in NetX Duo release 6.3.0.

Remediation
Upgrade to v6.3.0 or above.

Alec Davis 2021 · ‎2024-09-10

This link answers the question, as why nothing from ST

X-CUBE-AZURE-H7 hw cryptographic acceleration - Page 2 - STMicroelectronics Community

"As you know Microsoft decided to disengage from development on Azure RTOS and provide the code to opensource community.

Following this decision, ST is evaluating the consequences on the support of AzureRTOS on STM32"

But It references secuity vulnerabilites will be addressed.

Please advise.