Access Control Vulnerability in Matter Software for Smart Home Devices
CVE-2024-56317

Currently unrated

Key Information:

Vendor: Connectivity Standards Alliance
Vendor: CVE Published:; 18 December 2024

🔔 Create Connectivity Standards Alliance Vulnerability Alert

What is CVE-2024-56317?

CVE-2024-56317 represents a critical vulnerability in the Matter (connectedhomeip or Project CHIP) framework affecting version 1.4.0.0. This flaw resides in the WriteAcl function, which is responsible for managing access control lists (ACLs). During the deletion and recreation of ACL entries based on user input, a failure in input validation can lead to a complete denial of service. If decoding input fails, the system halts the restoration of ACL entries, leaving resources inaccessible. This can severely disrupt operations of connected smart home devices, highlighting the urgent need for updates and patches to mitigate associated risks.

References

https://github.com/project-chip/connectedhomeip/issues/36535

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 18, 2024