UBUNTU-CVE-2024-7546

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2024-7546

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-7546.json

JSON Data

https://api.test.osv.dev/v1/vulns/UBUNTU-CVE-2024-7546

Related

CVE-2024-7546

Published

2024-08-06T00:15:00Z

Modified

2024-12-10T04:29:44Z

Severity

7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

oFono SimToolKit Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to execute arbitrary code on affected installations of oFono. An attacker must first obtain the ability to execute code on the target modem in order to exploit this vulnerability. The specific flaw exists within the parsing of STK command PDUs. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-23459.

References

Affected packages

Ubuntu:Pro:16.04:LTS / ofono

Package

Name: ofono
Purl: pkg:deb/ubuntu/ofono?arch=src?distro=esm-apps/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.17.bzr6904+15.10.20150928.1-0ubuntu1

1.17.bzr6906+16.04.20151119-0ubuntu1

1.17.bzr6908+16.04.20151203-0ubuntu1

1.17.bzr6910+16.04.20160115.3-0ubuntu1

1.17.bzr6912+16.04.20160314.3-0ubuntu1

1.17.bzr6912+16.04.20160314.3-0ubuntu1+esm1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:18.04:LTS / ofono

Package

Name: ofono
Purl: pkg:deb/ubuntu/ofono?arch=src?distro=esm-apps/bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.17.bzr6921+16.10.20160819.6-0ubuntu1

1.21-1ubuntu1

1.21-1ubuntu1+esm1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:20.04:LTS / ofono

Package

Name: ofono
Purl: pkg:deb/ubuntu/ofono?arch=src?distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.21-1ubuntu1

1.31-2ubuntu1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:22.04:LTS / ofono

Package

Name: ofono
Purl: pkg:deb/ubuntu/ofono?arch=src?distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.31-3ubuntu1

1.31-3ubuntu1.1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.10 / ofono

Package

Name: ofono
Purl: pkg:deb/ubuntu/ofono?arch=src?distro=oracular

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.31-3ubuntu3

1.31-3ubuntu3.24.10.1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.04:LTS / ofono

Package

Name: ofono
Purl: pkg:deb/ubuntu/ofono?arch=src?distro=noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.31-3ubuntu1

1.31-3ubuntu2

1.31-3ubuntu3

1.31-3ubuntu3.24.04.1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}