Intel has recently discovered two vulnerabilities in oFono, an open telephony software stack. oFono is used for organizing calls, data transmission, and sending SMS on platforms such as Tizen, Ubuntu Touch, Mobian, Maemo, postmarketOS, and Sailfish/Aurora. The vulnerabilities are triggered during the processing of specially crafted SMS messages and allow the execution of malicious code. They have been fixed in the latest release, oFono 2.1.
The vulnerabilities stem from a lack of proper validation of external data in the code that decodes SMS messages in PDU format. As a result, data can be written outside the bounds of the buffer. The first vulnerability, CVE-2023-4233, affects the sms_decode_address_field() function. The second, CVE-2023-4234, affects the decode_submit_report() function.
Vulnerability | Description |
---|---|
CVE-2023-4233 | The absence of proper validation in sms_decode_address_field() allows code execution when processing specially crafted SMS messages. |
CVE-2023-4234 | The absence of proper validation in decode_submit_report() allows code execution when processing specially crafted SMS messages. |
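
The kind of validation whose absence is described above, as an added example (not oFono's code and not the actual fix): a decoder for the numeric address field of an SMS PDU that checks the length octet against the format's 20-digit maximum, the destination buffer and the remaining input before writing anything. The function name, constant and sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define ADDR_MAX_DIGITS 20  /* address value is at most 10 BCD octets */

/* Decode a numeric address field (length octet, type-of-address octet,
 * nibble-swapped BCD digits) starting at pdu[*off]. Returns 0 and advances
 * *off on success, -1 on malformed input. Illustrative, not oFono's API. */
int decode_address(const uint8_t *pdu, size_t pdu_len, size_t *off,
                   char *out, size_t out_size)
{
    static const char map[] = "0123456789*#abc";
    size_t pos = *off;

    if (pos > pdu_len || pdu_len - pos < 2)   /* need length + TOA octets */
        return -1;
    size_t digits = pdu[pos];                 /* untrusted digit count */
    size_t octets = (digits + 1) / 2;

    if (digits > ADDR_MAX_DIGITS)             /* bound by the format maximum */
        return -1;
    if (out_size < digits + 1)                /* bound by the destination */
        return -1;
    if (pdu_len - pos - 2 < octets)           /* bound by the input remaining */
        return -1;

    const uint8_t *val = pdu + pos + 2;
    for (size_t i = 0; i < digits; i++) {
        uint8_t nib = (i & 1) ? (val[i / 2] >> 4) : (val[i / 2] & 0x0F);
        if (nib == 0x0F)                      /* filler is valid only as padding */
            return -1;
        out[i] = map[nib];
    }
    out[digits] = '\0';
    *off = pos + 2 + octets;
    return 0;
}

int main(void)
{
    /* Constructed samples: a valid 11-digit address, and a lying length octet */
    const uint8_t ok[] = { 0x0B, 0x91, 0x21, 0x43, 0x65, 0x87, 0x09, 0xF1 };
    const uint8_t bad[] = { 0xFF, 0x91, 0x21, 0x43 };
    char num[ADDR_MAX_DIGITS + 1];
    size_t off = 0, off2 = 0;
    printf("%d %s\n", decode_address(ok, sizeof ok, &off, num, sizeof num), num);
    printf("%d\n", decode_address(bad, sizeof bad, &off2, num, sizeof num));
    return 0;
}
```

All three bounds are checked before the copy loop runs, so a rejected message never touches the output buffer.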

Intel has swiftly addressed these vulnerabilities and recommends that all users update to the latest version of oFono to ensure their systems are protected.