In Eclipse ThreadX before 6.4.3, when memory protection is enabled, syscall parameters verification wasnt enough, allowing an attacker to obtain an arbitrary memory read/write.
The product does not properly handle when the expected number of parameters, fields, or arguments is not provided in input, or if those parameters are undefined.