A recently discovered vulnerability, CVE-2024-20154, exists in modem firmware and could lead to remote code execution. The root cause is a missing bounds check, which may result in an out-of-bounds write. Exploiting the flaw requires no user interaction: the attacker only needs a UE (User Equipment) connected to their rogue base station.
In this post, we will take a closer look at the CVE-2024-20154 vulnerability, review the code snippet responsible for the issue, and provide links to original references. We will also discuss potential ways to mitigate this vulnerability.
Code Snippet and Vulnerability Details
The following code snippet shows the missing bounds check that leads to the possibility of an out of bounds write:
int get_index(void); // index value derived from the received message
int get_data(void);  // payload value derived from the received message

void vulnerable_module(void) {
    int index, data;
    int buffer[10];
    // ...
    index = get_index(); // Missing bounds check for index value
    data = get_data();
    buffer[index] = data; // Out of bounds write if index is >= 10 (or negative)
    // ...
}
The issue is that the index is never validated against the buffer's size before it is used. An attacker-controlled index can therefore write data past the end of the allocated buffer, resulting in an out-of-bounds write.
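The following is an added example, not code from the original post or from the modem vendor's firmware, showing what the missing check looks like once it is in place: the index from a message is validated against the buffer length (negative values included) before the write, and rejected messages are counted so that firmware can log or alert on them. The buffer layout, message format and function names (checked_write, handle_message) are constructed for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

#define BUF_LEN 10

/* Constructed stand-in for the modem's internal buffer (not the real layout). */
static int buffer[BUF_LEN];
/* Counter a defender would export to logging/telemetry: how many messages
 * carried an index outside the buffer and were dropped. */
static unsigned rejected = 0;

/* Hardened write: the index is checked against the buffer length before use.
 * Returns true when the write happened, false when the index was rejected. */
bool checked_write(int *buf, size_t buf_len, int index, int data) {
    if (index < 0 || (size_t)index >= buf_len) {
        rejected++;          /* out-of-bounds index: drop, do not write */
        return false;
    }
    buf[index] = data;
    return true;
}

/* Parses one constructed two-byte message: byte 0 is the index (treated as
 * signed so that a wrapped "negative" index is also caught), byte 1 the data. */
bool handle_message(const uint8_t *msg, size_t len) {
    if (len < 2) {
        return false;        /* truncated message */
    }
    int index = (int8_t)msg[0];
    int data = msg[1];
    return checked_write(buffer, BUF_LEN, index, data);
}

/* Accessors so callers (and tests) can observe the effect of a message. */
int buffer_at(size_t i) { return (i < BUF_LEN) ? buffer[i] : 0; }
unsigned rejected_messages(void) { return rejected; }
```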
To exploit this vulnerability, an attacker would need to control a rogue base station and lure a victim's UE to connect to it. Once connected, the attacker can then send specially crafted data to the target device's modem, which will trigger the out of bounds write and ultimately result in remote code execution.
Original References and Patch
This vulnerability has been assigned Patch ID: MOLY00720348, which addresses the missing bounds check. The patch can be downloaded and applied to affected devices to mitigate the risk associated with this vulnerability. For more information on the patch and to download it, please refer to the official patch documentation:
- MOLY00720348: Modem Out of Bounds Write Patch
The issue has also been documented in the official issue tracking system with Issue ID: MSV-2392. You can find more details on the issue and the progress of the patching process through the following link:
- MSV-2392: Modem Out of Bounds Write Issue Tracker
Mitigation and Prevention
To prevent and mitigate the risk associated with this vulnerability, it is highly recommended that affected devices apply the MOLY00720348 patch as soon as possible. In addition, users should always exercise caution when connecting their UE to unknown or untrusted base stations, as malicious actors may exploit such connections to take control of vulnerable devices.
In summary, CVE-2024-20154 is a critical vulnerability found in modem firmware, which could lead to remote code execution by exploiting an out of bounds write caused by a missing bounds check. By applying the recommended patch, users can significantly reduce the risk associated with this vulnerability and protect their devices from potential attacks.
Timeline
Published on: 01/06/2025 04:15:07 UTC
Last modified on: 01/06/2025 15:15:13 UTC