SB2024080626 - Multiple vulnerabilities in oFono
Published: August 6, 2024
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 11 secuirty vulnerabilities.
1) Heap-based buffer overflow (CVE-ID: CVE-2024-7546)
The vulnerability allows a local user to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in SimToolKit within the parsing of STK command PDUs. A local user can pass specially crafted data to the application, trigger a heap-based buffer overflow and execute arbitrary code on the target system with elevated privileges.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
2) Out-of-bounds read (CVE-ID: CVE-2024-7537)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in QMI within the processing of SMS message lists. A local user can trigger an out-of-bounds read error and read contents of memory on the system.
3) Stack-based buffer overflow (CVE-ID: CVE-2024-7538)
The vulnerability allows a local user to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in CUSD within the parsing of responses from AT Commands. A local user can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
4) Stack-based buffer overflow (CVE-ID: CVE-2024-7539)
The vulnerability allows a local user to execute arbitrary code on the target system.
The vulnerability exists due to a boundary within the parsing of responses from AT+CUSD commands. A local user can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
5) Information disclosure (CVE-ID: CVE-2024-7540)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to the lack of proper initialization of memory prior to accessing it within the parsing of responses from AT+CMGL commands. A local user can gain unauthorized access to sensitive information on the system.
6) Information disclosure (CVE-ID: CVE-2024-7541)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to the lack of proper initialization of memory prior to accessing it within the parsing of responses from AT+CMT commands. A local user can gain unauthorized access to sensitive information on the system.
7) Information disclosure (CVE-ID: CVE-2024-7542)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to the lack of proper initialization of memory prior to accessing it within the parsing of responses from AT+CMGR commands. A local user can gain unauthorized access to sensitive information on the system.
8) Heap-based buffer overflow (CVE-ID: CVE-2024-7543)
The vulnerability allows a local user to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in SimToolKit within the parsing of STK command PDUs. A local user can pass specially crafted data to the application, trigger a heap-based buffer overflow and execute arbitrary code on the target system with elevated privileges.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
9) Heap-based buffer overflow (CVE-ID: CVE-2024-7544)
The vulnerability allows a local user to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in SimToolKit within the parsing of STK command PDUs. A local user can pass specially crafted data to the application, trigger a heap-based buffer overflow and execute arbitrary code on the target system with elevated privileges.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
10) Heap-based buffer overflow (CVE-ID: CVE-2024-7545)
The vulnerability allows a local user to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in SimToolKit within the parsing of STK command PDUs. A local user can pass specially crafted data to the application, trigger a heap-based buffer overflow and execute arbitrary code on the target system with elevated privileges.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
11) Stack-based buffer overflow (CVE-ID: CVE-2024-7547)
The vulnerability allows a local user to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in SMS Decoder within the parsing of SMS PDUs. A local user can trigger stack-based buffer overflow and execute arbitrary code on the target system with elevated privileges.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
Remediation
Cybersecurity Help is not aware of any official remediation provided by the vendor.
References
- https://www.zerodayinitiative.com/advisories/ZDI-24-1086/
- https://www.zerodayinitiative.com/advisories/ZDI-24-1077/
- https://www.zerodayinitiative.com/advisories/ZDI-24-1078/
- https://www.zerodayinitiative.com/advisories/ZDI-24-1079/
- https://www.zerodayinitiative.com/advisories/ZDI-24-1080/
- https://www.zerodayinitiative.com/advisories/ZDI-24-1081/
- https://www.zerodayinitiative.com/advisories/ZDI-24-1082/
- https://www.zerodayinitiative.com/advisories/ZDI-24-1083/
- https://www.zerodayinitiative.com/advisories/ZDI-24-1084/
- https://www.zerodayinitiative.com/advisories/ZDI-24-1085/
- https://www.zerodayinitiative.com/advisories/ZDI-24-1087/