CVE-2023-50809

In certain Sonos products before S1 Release 11.12 and S2 release 15.9, the mt_7615.ko wireless driver does not properly validate an information element during negotiation of a WPA2 four-way handshake. This lack of validation leads to a stack buffer overflow. This can result in remote code execution within the kernel. This affects Amp, Arc, Arc SL, Beam, Beam Gen 2, Beam SL, and Five.

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.sonos.com/en-us/security-advisory-2024-0001

Configurations

No configuration.

History

13 Mar 2025, 16:15

Type	Values Removed	Values Added
CWE		CWE-121

Information

Published : 2024-08-12 13:38

Updated : 2025-03-13 16:15

NVD link : CVE-2023-50809

Mitre link : CVE-2023-50809

CVE.ORG link : CVE-2023-50809

JSON object : View

Products Affected

No product.

CWE

CWE-121

Stack-based Buffer Overflow

7.8 /10