CVE-2023-50810

Published: Aug 9, 2024

Modified: Aug 23, 2024

PUBLISHED

Description

In certain Sonos products before Sonos S1 Release 11.12 and S2 release 15.9, a vulnerability exists in the U-Boot component of the firmware that allow persistent arbitrary code execution with Linux kernel privileges. A failure to correctly handle the return value of the setenv command can be used to override the kernel command-line parameters and ultimately bypass the Secure Boot implementation. This affects PLAY5 gen 2, PLAYBASE, PLAY:1, One, One SL, and Amp.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://www.sonos.com/en-us/security-advisory-2024-0001

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2023-50810

Description

Affected Products

References