CVE-2022-24046

Name of the Vulnerable Software and Affected Versions Sonos One Speaker versions prior to 3.4.1 (S2 systems) Sonos One Speaker versions prior to 11.2.13 build 57923290 (S1 systems)

Description This issue allows network-adjacent attackers to execute arbitrary code on affected installations. Authentication is not required to exploit this issue. The specific flaw exists within the anacapd daemon. The issue results from the lack of proper validation of user-supplied data, which can result in an integer underflow before writing to memory. An attacker can leverage this issue to execute code in the context of root.

Recommendations For versions prior to 3.4.1 (S2 systems), update to version 3.4.1 or later. For versions prior to 11.2.13 build 57923290 (S1 systems), update to version 11.2.13 build 57923290 or later. As a temporary workaround, consider disabling the anacapd daemon until a patch is available.