Arbitrary Code Execution Vulnerability in Sonos Products
CVE-2023-50810

Currently unrated

Key Information:

Vendor

Sonos

Status
Sonos Firmware
Vendor
CVE Published:
12 August 2024

What is CVE-2023-50810?

A vulnerability exists in the U-Boot component of the firmware used in several Sonos products prior to the specified releases. This flaw allows for persistent arbitrary code execution with Linux kernel privileges by improperly handling the return value of the setenv command. This loophole can be exploited to override kernel command-line parameters and bypass the Secure Boot function, posing significant security risks to the affected devices.

References

https://www.sonos.com/en-us/security-advisory-2024-0001

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.