mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-05-08 05:09:24 +00:00
Code Issues Projects Releases Wiki Activity

ofono: fix CVE-2024-7543

Browse Source 
oFono SimToolKit Heap-based Buffer Overflow Privilege Escalation
Vulnerability. This vulnerability allows local attackers to execute
arbitrary code on affected installations of oFono. An attacker must
first obtain the ability to execute code on the target modem in
order to exploit this vulnerability.

The specific flaw exists within the parsing of STK command PDUs.
The issue results from the lack of proper validation of the length
of user-supplied data prior to copying it to a heap-based buffer.
An attacker can leverage this vulnerability to execute code in the
context of the service account. Was ZDI-CAN-23456.

Reference:
https://security-tracker.debian.org/tracker/CVE-2024-7543

Upstream patch:
https://git.kernel.org/pub/scm/network/ofono/ofono.git/commit/?id=90e60ada012de42964214d8155260f5749d0dcc7

(From OE-Core rev: 31ba25646b78d60923b1d897a43e37ef6f9edd51)

Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
This commit is contained in:
Yogita Urade
2025-01-14 08:03:18 +00:00
committed by Steve Sakoman
parent 429a145133
commit 380c41b667
2 changed files with 31 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
meta/recipes-connectivity/ofono/ofono/CVE-2024-7543.patch
+30
View File
@@ -0,0 +1,30 @@
From 90e60ada012de42964214d8155260f5749d0dcc7 Mon Sep 17 00:00:00 2001
From: Ivaylo Dimitrov <ivo.g.dimitrov.75@gmail.com>
Date: Tue, 3 Dec 2024 21:43:50 +0200
Subject: [PATCH] stkutil: Fix CVE-2024-7543
CVE: CVE-2024-7543
Upstream-Status: Backport [https://git.kernel.org/pub/scm/network/ofono/ofono.git/commit/?id=90e60ada012de42964214d8155260f5749d0dcc7]
Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
---
src/stkutil.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/src/stkutil.c b/src/stkutil.c
index 4f31af4..fdd11ad 100644
--- a/src/stkutil.c
+++ b/src/stkutil.c
@@ -1876,6 +1876,10 @@ static bool parse_dataobj_mms_reference(struct comprehension_tlv_iter *iter,
data = comprehension_tlv_iter_get_data(iter);
mr->len = len;
+
+ if (len > sizeof(mr->ref))
+ return false;
+
memcpy(mr->ref, data, len);
return true;
--
2.40.0
meta/recipes-connectivity/ofono/ofono_1.34.bb
+1
View File
@@ -19,6 +19,7 @@ SRC_URI = "\
file://CVE-2023-2794-0003.patch \
file://CVE-2023-2794-0004.patch \
file://CVE-2024-7539.patch \
file://CVE-2024-7543.patch \
"
SRC_URI[sha256sum] = "c0b96d3013447ec2bcb74579bef90e4e59c68dbfa4b9c6fbce5d12401a43aac7"