CVE-2023-50809

Name of the Vulnerable Software and Affected Versions Sonos products versions prior to S1 Release 11.12 and S2 release 15.9

Description The issue is related to a stack buffer overflow in the mt 7615.ko wireless driver, which can be exploited to allow remote code execution within the kernel. This occurs due to the driver not properly validating an information element during negotiation of a WPA2 four-way handshake. The affected products include Amp, Arc, Arc SL, Beam, Beam Gen 2, Beam SL, and Five.

Recommendations For Sonos products versions prior to S1 Release 11.12, update to S1 Release 11.12 or later. For Sonos products versions prior to S2 release 15.9, update to S2 release 15.9 or later. As a temporary workaround, consider disabling the Wi-Fi functionality until a patch is available. Restrict access to the vulnerable mt 7615.ko wireless driver to minimize the risk of exploitation.