Source: ofono
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerabilities were published for ofono.

CVE-2024-7537[0]:
| oFono QMI SMS Handling Out-Of-Bounds Read Information Disclosure
| Vulnerability. This vulnerability allows local attackers to disclose
| sensitive information on affected installations of oFono.
| Authentication is not required to exploit this vulnerability. The
| specific flaw exists within the processing of SMS message lists. The
| issue results from the lack of proper validation of user-supplied
| data, which can result in a read past the end of an allocated
| buffer. An attacker can leverage this in conjunction with other
| vulnerabilities to execute arbitrary code in the context of root.
| Was ZDI-CAN-23157.

https://www.zerodayinitiative.com/advisories/ZDI-24-1077/

CVE-2024-7538[1]:
| oFono CUSD AT Command Stack-based Buffer Overflow Code Execution
| Vulnerability. This vulnerability allows local attackers to execute
| arbitrary code on affected installations of oFono. An attacker must
| first obtain the ability to execute code on the target modem in
| order to exploit this vulnerability. The specific flaw exists
| within the parsing of responses from AT Commands. The issue results
| from the lack of proper validation of the length of user-supplied
| data prior to copying it to a stack-based buffer. An attacker can
| leverage this vulnerability to execute code in the context of root.
| Was ZDI-CAN-23190.

https://www.zerodayinitiative.com/advisories/ZDI-24-1078/

CVE-2024-7539[2]:
| oFono CUSD Stack-based Buffer Overflow Code Execution Vulnerability.
| This vulnerability allows local attackers to execute arbitrary code
| on affected installations of oFono. An attacker must first obtain
| the ability to execute code on the target modem in order to exploit
| this vulnerability. The specific flaw exists within the parsing of
| responses from AT+CUSD commands. The issue results from the lack of
| proper validation of the length of user-supplied data prior to
| copying it to a stack-based buffer. An attacker can leverage this
| vulnerability to execute code in the context of root. Was
| ZDI-CAN-23195.

https://www.zerodayinitiative.com/advisories/ZDI-24-1079/

CVE-2024-7540[3]:
| oFono AT CMGL Command Uninitialized Variable Information Disclosure
| Vulnerability. This vulnerability allows local attackers to disclose
| sensitive information on affected installations of oFono. An
| attacker must first obtain the ability to execute code on the target
| modem in order to exploit this vulnerability. The specific flaw
| exists within the parsing of responses from AT+CMGL commands. The
| issue results from the lack of proper initialization of memory prior
| to accessing it. An attacker can leverage this in conjunction with
| other vulnerabilities to execute arbitrary code in the context of
| root. Was ZDI-CAN-23307.

https://www.zerodayinitiative.com/advisories/ZDI-24-1080/

CVE-2024-7541[4]:
| oFono AT CMT Command Uninitialized Variable Information Disclosure
| Vulnerability. This vulnerability allows local attackers to disclose
| sensitive information on affected installations of oFono. An
| attacker must first obtain the ability to execute code on the target
| modem in order to exploit this vulnerability. The specific flaw
| exists within the parsing of responses from AT+CMT commands. The
| issue results from the lack of proper initialization of memory prior
| to accessing it. An attacker can leverage this in conjunction with
| other vulnerabilities to execute arbitrary code in the context of
| root. Was ZDI-CAN-23308.

https://www.zerodayinitiative.com/advisories/ZDI-24-1081/

CVE-2024-7542[5]:
| oFono AT CMGR Command Uninitialized Variable Information Disclosure
| Vulnerability. This vulnerability allows local attackers to disclose
| sensitive information on affected installations of oFono. An
| attacker must first obtain the ability to execute code on the target
| modem in order to exploit this vulnerability. The specific flaw
| exists within the parsing of responses from AT+CMGR commands. The
| issue results from the lack of proper initialization of memory prior
| to accessing it. An attacker can leverage this in conjunction with
| other vulnerabilities to execute arbitrary code in the context of
| root. Was ZDI-CAN-23309.

https://www.zerodayinitiative.com/advisories/ZDI-24-1082/

CVE-2024-7543[6]:
| oFono SimToolKit Heap-based Buffer Overflow Privilege Escalation
| Vulnerability. This vulnerability allows local attackers to execute
| arbitrary code on affected installations of oFono. An attacker must
| first obtain the ability to execute code on the target modem in
| order to exploit this vulnerability. The specific flaw exists
| within the parsing of STK command PDUs. The issue results from the
| lack of proper validation of the length of user-supplied data prior
| to copying it to a heap-based buffer. An attacker can leverage this
| vulnerability to execute code in the context of the service account.
| Was ZDI-CAN-23456.

https://www.zerodayinitiative.com/advisories/ZDI-24-1083/

CVE-2024-7544[7]:
| oFono SimToolKit Heap-based Buffer Overflow Privilege Escalation
| Vulnerability. This vulnerability allows local attackers to execute
| arbitrary code on affected installations of oFono. An attacker must
| first obtain the ability to execute code on the target modem in
| order to exploit this vulnerability. The specific flaw exists
| within the parsing of STK command PDUs. The issue results from the
| lack of proper validation of the length of user-supplied data prior
| to copying it to a heap-based buffer. An attacker can leverage this
| vulnerability to execute code in the context of the service account.
| Was ZDI-CAN-23457.

https://www.zerodayinitiative.com/advisories/ZDI-24-1084/

CVE-2024-7545[8]:
| oFono SimToolKit Heap-based Buffer Overflow Privilege Escalation
| Vulnerability. This vulnerability allows local attackers to execute
| arbitrary code on affected installations of oFono. An attacker must
| first obtain the ability to execute code on the target modem in
| order to exploit this vulnerability. The specific flaw exists
| within the parsing of STK command PDUs. The issue results from the
| lack of proper validation of the length of user-supplied data prior
| to copying it to a heap-based buffer. An attacker can leverage this
| vulnerability to execute code in the context of the service account.
| Was ZDI-CAN-23458.

https://www.zerodayinitiative.com/advisories/ZDI-24-1085/

CVE-2024-7546[9]:
| oFono SimToolKit Heap-based Buffer Overflow Privilege Escalation
| Vulnerability. This vulnerability allows local attackers to execute
| arbitrary code on affected installations of oFono. An attacker must
| first obtain the ability to execute code on the target modem in
| order to exploit this vulnerability. The specific flaw exists
| within the parsing of STK command PDUs. The issue results from the
| lack of proper validation of the length of user-supplied data prior
| to copying it to a heap-based buffer. An attacker can leverage this
| vulnerability to execute code in the context of the service account.
| Was ZDI-CAN-23459.

https://www.zerodayinitiative.com/advisories/ZDI-24-1086/

CVE-2024-7547[10]:
| oFono SMS Decoder Stack-based Buffer Overflow Privilege Escalation
| Vulnerability. This vulnerability allows local attackers to execute
| arbitrary code on affected installations of oFono. An attacker must
| first obtain the ability to execute code on the target modem in
| order to exploit this vulnerability. The specific flaw exists
| within the parsing of SMS PDUs. The issue results from the lack of
| proper validation of the length of user-supplied data prior to
| copying it to a stack-based buffer. An attacker can leverage this
| vulnerability to execute code in the context of the service account.
| Was ZDI-CAN-23460.

https://www.zerodayinitiative.com/advisories/ZDI-24-1087/

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2024-7537
    https://www.cve.org/CVERecord?id=CVE-2024-7537
[1] https://security-tracker.debian.org/tracker/CVE-2024-7538
    https://www.cve.org/CVERecord?id=CVE-2024-7538
[2] https://security-tracker.debian.org/tracker/CVE-2024-7539
    https://www.cve.org/CVERecord?id=CVE-2024-7539
[3] https://security-tracker.debian.org/tracker/CVE-2024-7540
    https://www.cve.org/CVERecord?id=CVE-2024-7540
[4] https://security-tracker.debian.org/tracker/CVE-2024-7541
    https://www.cve.org/CVERecord?id=CVE-2024-7541
[5] https://security-tracker.debian.org/tracker/CVE-2024-7542
    https://www.cve.org/CVERecord?id=CVE-2024-7542
[6] https://security-tracker.debian.org/tracker/CVE-2024-7543
    https://www.cve.org/CVERecord?id=CVE-2024-7543
[7] https://security-tracker.debian.org/tracker/CVE-2024-7544
    https://www.cve.org/CVERecord?id=CVE-2024-7544
[8] https://security-tracker.debian.org/tracker/CVE-2024-7545
    https://www.cve.org/CVERecord?id=CVE-2024-7545
[9] https://security-tracker.debian.org/tracker/CVE-2024-7546
    https://www.cve.org/CVERecord?id=CVE-2024-7546
[10] https://security-tracker.debian.org/tracker/CVE-2024-7547
    https://www.cve.org/CVERecord?id=CVE-2024-7547

Please adjust the affected versions in the BTS as needed.