PT-2024-13975 · Sonos · Sonos One+5
Alexander Plaskett · Published 2024-08-09 · Updated 2025-06-11 · CVE-2023-50810
CVSS v3.1: 6.0 (Medium)
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:L
Name of the Vulnerable Software and Affected Versions
Sonos product versions prior to S1 Release 11.12 and S2 release 15.9
Description
A vulnerability exists in the U-Boot component of the firmware that allows persistent arbitrary code execution with Linux kernel privileges. This is due to a failure to correctly handle the return value of the setenv command, which can be used to override the kernel command-line parameters and ultimately bypass the Secure Boot implementation. The affected products include PLAY5 gen 2, PLAYBASE, PLAY:1, One, One SL, and Amp.
Recommendations
Update Sonos products running versions prior to S1 Release 11.12 and S2 release 15.9 to S1 Release 11.12 or S2 release 15.9 or later to resolve the issue. As a temporary workaround, consider restricting access to the U-Boot component until a patch is available.
Fix
Code Injection
Weakness Enumeration
Related Identifiers
Affected Products
Sonos Amp
Sonos One
Sonos One SL
Sonos Play5 Gen 2
Sonos Play:1
Sonos Playbase