UBUNTU-CVE-2024-7539
- Source
- https://ubuntu.com/security/CVE-2024-7539
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-7539.json
- JSON Data
- https://api.osv.dev/v1/vulns/UBUNTU-CVE-2024-7539
- Upstream
- Downstream
- Related
- Published
- 2024-08-06T00:15:00Z
- Modified
- 2026-04-17T10:00:21.068164Z
- Severity
-
- 7.8 (High) CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Ubuntu - medium
- Summary
- [none]
- Details
-
oFono CUSD Stack-based Buffer Overflow Code Execution Vulnerability. This vulnerability allows local attackers to execute arbitrary code on affected installations of oFono. An attacker must first obtain the ability to execute code on the target modem in order to exploit this vulnerability. The specific flaw exists within the parsing of responses from AT+CUSD commands. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-23195.
- References
-
- https://ubuntu.com/security/CVE-2024-7539
- https://www.cve.org/CVERecord?id=CVE-2024-7539
- https://www.zerodayinitiative.com/advisories/ZDI-24-1079/
- https://lore.kernel.org/ofono/20241217093207.20636-1-absicsz@gmail.com/
- https://lore.kernel.org/ofono/20241217093207.20636-3-absicsz@gmail.com/
- https://git.kernel.org/pub/scm/network/ofono/ofono.git/commit/?id=1e2a768445aecfa0a0e9c788651a9205cfd3744f
- https://git.kernel.org/pub/scm/network/ofono/ofono.git/commit/?id=389e2344f86319265fb72ae590b470716e038fdc
- https://ubuntu.com/security/notices/USN-8178-1
Affected packages
Ubuntu:Pro:16.04:LTS / ofono
Package
- Name
- ofono
- Purl
- pkg:deb/ubuntu/ofono@1.17.bzr6912+16.04.20160314.3-0ubuntu1+esm3?arch=source&distro=esm-apps/xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.17.bzr6912+16.04.20160314.3-0ubuntu1+esm3
Affected versions
1.*
1.17.bzr6904+15.10.20150928.1-0ubuntu1
1.17.bzr6906+16.04.20151119-0ubuntu1
1.17.bzr6908+16.04.20151203-0ubuntu1
1.17.bzr6910+16.04.20160115.3-0ubuntu1
1.17.bzr6912+16.04.20160314.3-0ubuntu1
1.17.bzr6912+16.04.20160314.3-0ubuntu1+esm1
1.17.bzr6912+16.04.20160314.3-0ubuntu1+esm2
Ecosystem specific
{
"binaries": [
{
"binary_version": "1.17.bzr6912+16.04.20160314.3-0ubuntu1+esm3",
"binary_name": "ofono"
},
{
"binary_version": "1.17.bzr6912+16.04.20160314.3-0ubuntu1+esm3",
"binary_name": "ofono-dev"
},
{
"binary_version": "1.17.bzr6912+16.04.20160314.3-0ubuntu1+esm3",
"binary_name": "ofono-scripts"
}
],
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro"
}
Ubuntu:Pro:18.04:LTS / ofono
Package
- Name
- ofono
- Purl
- pkg:deb/ubuntu/ofono@1.21-1ubuntu1+esm3?arch=source&distro=esm-apps/bionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.21-1ubuntu1+esm3
Affected versions
1.*
1.17.bzr6921+16.10.20160819.6-0ubuntu1
1.21-1ubuntu1
1.21-1ubuntu1+esm1
1.21-1ubuntu1+esm2
Ecosystem specific
{
"binaries": [
{
"binary_version": "1.21-1ubuntu1+esm3",
"binary_name": "ofono"
},
{
"binary_version": "1.21-1ubuntu1+esm3",
"binary_name": "ofono-dev"
},
{
"binary_version": "1.21-1ubuntu1+esm3",
"binary_name": "ofono-scripts"
}
],
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro"
}
Ubuntu:Pro:20.04:LTS / ofono
Package
- Name
- ofono
- Purl
- pkg:deb/ubuntu/ofono@1.31-2ubuntu1+esm3?arch=source&distro=esm-apps/focal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.31-2ubuntu1+esm3
Ecosystem specific
{
"binaries": [
{
"binary_version": "1.31-2ubuntu1+esm3",
"binary_name": "ofono"
},
{
"binary_version": "1.31-2ubuntu1+esm3",
"binary_name": "ofono-dev"
},
{
"binary_version": "1.31-2ubuntu1+esm3",
"binary_name": "ofono-scripts"
}
],
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro"
}
Ubuntu:Pro:22.04:LTS / ofono
Package
- Name
- ofono
- Purl
- pkg:deb/ubuntu/ofono@1.31-3ubuntu1.2+esm1?arch=source&distro=esm-apps/jammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.31-3ubuntu1.2+esm1
Ecosystem specific
{
"binaries": [
{
"binary_version": "1.31-3ubuntu1.2+esm1",
"binary_name": "ofono"
},
{
"binary_version": "1.31-3ubuntu1.2+esm1",
"binary_name": "ofono-dev"
},
{
"binary_version": "1.31-3ubuntu1.2+esm1",
"binary_name": "ofono-scripts"
}
],
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro"
}
Ubuntu:Pro:24.04:LTS / ofono
Package
- Name
- ofono
- Purl
- pkg:deb/ubuntu/ofono@1.31-3ubuntu3.24.04.2+esm1?arch=source&distro=esm-apps/noble
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.31-3ubuntu3.24.04.2+esm1
Affected versions
1.*
1.31-3ubuntu1
1.31-3ubuntu2
1.31-3ubuntu3
1.31-3ubuntu3.24.04.1
1.31-3ubuntu3.24.04.2
Ecosystem specific
{
"binaries": [
{
"binary_version": "1.31-3ubuntu3.24.04.2+esm1",
"binary_name": "ofono"
},
{
"binary_version": "1.31-3ubuntu3.24.04.2+esm1",
"binary_name": "ofono-dev"
},
{
"binary_version": "1.31-3ubuntu3.24.04.2+esm1",
"binary_name": "ofono-scripts"
}
],
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro"
}