RIOT-OS, an operating system for Internet of Things (IoT) devices, contains a network stack with the ability to process 6LoWPAN frames. In versions 2023.01 and prior, an attacker can send multiple crafted frames to the device to trigger a race condition. The race condition invalidates assumptions about the program state and leads to an invalid memory access resulting in denial of service. This issue is patched in pull request 19679. There are no known workarounds.

CVE-2023-33974: RIOT/gnrc_sixlowpan_frag_sfr.c at master · RIOT-OS/RIOT

Ubuntu Security Notice 6121-1 - It was discovered that Nanopb incorrectly handled certain decode messages. An attacker could possibly use this cause a denial of service or expose sensitive information. It was discovered that Nanopb incorrectly handled certain decode messages. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code.

    ==========================================================================Ubuntu Security Notice USN-6121-1May 30, 2023nanopb vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 20.04 LTS (Available with Ubuntu Pro)Summary:Several security issues were fixed in Nanopb.Software Description:- nanopb: Protocol Buffers with small code sizeDetails:It was discovered that Nanopb incorrectly handled certain decode messages.An attacker could possibly use this cause a denial of service or exposesensitive information. (CVE-2020-26243)It was discovered that Nanopb incorrectly handled certain decode messages.An attacker could possibly use this issue to cause a denial of serviceor execute arbitrary code. (CVE-2021-21401)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 20.04 LTS (Available with Ubuntu Pro):  nanopb                          0.4.1-1ubuntu0.1~esm1In general, a standard system update will make all the necessary changes.References:  https://ubuntu.com/security/notices/USN-6121-1  CVE-2020-26243, CVE-2021-21401

Ubuntu Security Notice USN-6121-1

Ubuntu Security Notice 6120-1 - Several security issues were discovered in the SpiderMonkey JavaScript library. If a user were tricked into opening malicious JavaScript applications or processing malformed data, a remote attacker could exploit a variety of issues related to JavaScript security, including denial of service attacks, and arbitrary code execution.

    ==========================================================================Ubuntu Security Notice USN-6120-1May 30, 2023mozjs102 vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 23.04- Ubuntu 22.10- Ubuntu 22.04 LTSSummary:Several security issues were fixed in SpiderMonkey.Software Description:- mozjs102: SpiderMonkey JavaScript libraryDetails:Several security issues were discovered in the SpiderMonkey JavaScriptlibrary. If a user were tricked into opening malicious JavaScriptapplications or processing malformed data, a remote attacker could exploita variety of issues related to JavaScript security, including denial ofservice attacks, and arbitrary code execution.Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 23.04:   libmozjs-102-0                  102.11.0-0ubuntu0.23.04.1Ubuntu 22.10:   libmozjs-102-0                  102.11.0-0ubuntu0.22.10.1Ubuntu 22.04 LTS:   libmozjs-102-0                  102.11.0-0ubuntu0.22.04.1After a standard system update you need to reboot your computer to make allthe necessary changes.References:   https://ubuntu.com/security/notices/USN-6120-1   CVE-2023-25735, CVE-2023-25739, CVE-2023-25751, CVE-2023-29535,   CVE-2023-29536, CVE-2023-29548, CVE-2023-29550, CVE-2023-32211,   CVE-2023-32215Package Information:   https://launchpad.net/ubuntu/+source/mozjs102/102.11.0-0ubuntu0.23.04.1   https://launchpad.net/ubuntu/+source/mozjs102/102.11.0-0ubuntu0.22.10.1   https://launchpad.net/ubuntu/+source/mozjs102/102.11.0-0ubuntu0.22.04.1

Ubuntu Security Notice USN-6120-1

Ubuntu Security Notice 6119-1 - Matt Caswell discovered that OpenSSL incorrectly handled certain ASN.1 object identifiers. A remote attacker could possibly use this issue to cause OpenSSL to consume resources, resulting in a denial of service. Anton Romanov discovered that OpenSSL incorrectly handled AES-XTS cipher decryption on 64-bit ARM platforms. An attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. This issue only affected Ubuntu 22.04 LTS, Ubuntu 22.10, and Ubuntu 23.04.

==========================================================================  
Ubuntu Security Notice USN-6119-1  
May 30, 2023

openssl, openssl1.0 vulnerabilities  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.04  
- Ubuntu 22.10  
- Ubuntu 22.04 LTS  
- Ubuntu 20.04 LTS  
- Ubuntu 18.04 LTS

Summary:

Several security issues were fixed in OpenSSL.

Software Description:  
- openssl: Secure Socket Layer (SSL) cryptographic library and tools  
- openssl1.0: Secure Socket Layer (SSL) cryptographic library and tools

Details:

Matt Caswell discovered that OpenSSL incorrectly handled certain ASN.1  
object identifiers. A remote attacker could possibly use this issue to  
cause OpenSSL to consume resources, resulting in a denial of service.  
(CVE-2023-2650)

Anton Romanov discovered that OpenSSL incorrectly handled AES-XTS cipher  
decryption on 64-bit ARM platforms. An attacker could possibly use this  
issue to cause OpenSSL to crash, resulting in a denial of service. This  
issue only affected Ubuntu 22.04 LTS, Ubuntu 22.10, and Ubuntu 23.04.  
(CVE-2023-1255)

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 23.04:  
   libssl3                         3.0.8-1ubuntu1.2

Ubuntu 22.10:  
   libssl3                         3.0.5-2ubuntu2.3

Ubuntu 22.04 LTS:  
   libssl3                         3.0.2-0ubuntu1.10

Ubuntu 20.04 LTS:  
   libssl1.1                       1.1.1f-1ubuntu2.19

Ubuntu 18.04 LTS:  
   libssl1.0.0                     1.0.2n-1ubuntu5.13  
   libssl1.1                       1.1.1-1ubuntu2.1~18.04.23

After a standard system update you need to reboot your computer to make all  
the necessary changes.

References:  
   https://ubuntu.com/security/notices/USN-6119-1  
   CVE-2023-1255, CVE-2023-2650

Package Information:  
   https://launchpad.net/ubuntu/+source/openssl/3.0.8-1ubuntu1.2  
   https://launchpad.net/ubuntu/+source/openssl/3.0.5-2ubuntu2.3  
   https://launchpad.net/ubuntu/+source/openssl/3.0.2-0ubuntu1.10  
   https://launchpad.net/ubuntu/+source/openssl/1.1.1f-1ubuntu2.19  
   https://launchpad.net/ubuntu/+source/openssl/1.1.1-1ubuntu2.1~18.04.23  
   https://launchpad.net/ubuntu/+source/openssl1.0/1.0.2n-1ubuntu5.13

Ubuntu Security Notice USN-6119-1

Widevine Trustlet versions 5.x, 6.x, and 7.x suffer from a buffer overflow vulnerability in PRDiagParseAndStoreData at 0x5cc8.

    1. INFORMATION--------------[+] CVE                : CVE-2022-48336[+] Title              : Buffer Overflow in Widevine Trustlet (PRDiagParseAndStoreData @ 0x5cc8)[+] Vendor             : Google[+] Device             : Nexus 6[+] Affected component : Widevine[+] Publication date   : March 2023[+] Credits            : CyberIntel Team2. AFFECTED VERSIONS--------------------5.0.0 (LRX21O), 5.0.1 (LRX22C), 5.1.0 (LMY47D), 5.1.0 (LMY47E), 5.1.0 (LMY47I), 5.1.0 (LMY47M), 5.1.1 (LMY47Z), 5.1.1 (LMY48I), 5.1.1 (LMY48M), 5.1.1 (LMY48T), 5.1.1 (LMY48W), 5.1.1 (LMY48X), 5.1.1 (LMY48Y), 5.1.1 (LVY48C), 5.1.1 (LVY48E), 5.1.1 (LVY48F), 5.1.1 (LVY48H), 5.1.1 (LVY48I), 5.1.1 (LYZ28E), 5.1.1 (LYZ28J), 5.1.1 (LYZ28K), 5.1.1 (LYZ28M), 5.1.1 (LYZ28N), 6.0.0 (MRA58K), 6.0.0 (MRA58N), 6.0.0 (MRA58R), 6.0.0 (MRA58X), 7.0.0 (NBD90Z), 7.0.0 (NBD91P), 7.0.0 (NBD91U), 7.0.0 (NBD91X), 7.0.0 (NBD91Y), 7.0.0 (NBD91Z), 7.0.0 (NBD92F), 7.0.0 (NBD92G), 7.1.1 (N6F26Q), 7.1.1 (N6F26R), 7.1.1 (N6F26U), 7.1.1 (N6F27C), 7.1.1 (N6F27E).3. DETAILS----------Qualcomm Secure Execution Environment is one of the most widespread commercial TEE solutions in the smartphone space, used by many different devices such as Xiaomi, Motorola and several devices of the Google Nexus and Pixel series. Widevine is a Digital Rights Management (DRM) technology developed by Google to protect copyrighted content and to enable secure distribution and consumption of video and audio content. The technology involves encryption, licensing, and key management to ensure that content can only be decrypted and played back on authorized devices. An attacker with high privileges in Normal World can exploit the vulnerability to compromise the Trusted Application running in the Secure World, eventually executing arbitrary code and reading and/or modifying information of critical files, compromising the confidentiality and integrity of the system. On the other hand, the attacker is able to crash the Trusted Application, potentially resulting in a denial of service.The bug is present in Widevine’s PRDiagProvisionDataHandler() command.For more details and full proof of concept visit https://cyberintel.es/cve/CVE-2022-48336_Buffer_Overflow_in_Widevine_PRDiagParseAndStoreData_0x5cc8/--Cyber Intel Team.Zero Lab - https://cyberintel.es/

Widevine Trustlet 5.x / 6.x / 7.x PRDiagParseAndStoreData Buffer Overflow

Widevine Trustlet versions 5.x, 6.x, and 7.x suffer from a buffer overflow vulnerability in PRDiagVerifyProvisioning at 0x5f90.

    1. INFORMATION--------------[+] CVE                : CVE-2022-48335[+] Title              : Buffer Overflow in Widevine Trustlet (PRDiagVerifyProvisioning @ 0x5f90)[+] Vendor             : Google[+] Device             : Nexus 6[+] Affected component : Widevine[+] Publication date   : March 2023[+] Credits            : CyberIntel Team2. AFFECTED VERSIONS--------------------5.0.0 (LRX21O), 5.0.1 (LRX22C), 5.1.0 (LMY47D), 5.1.0 (LMY47E), 5.1.0 (LMY47I), 5.1.0 (LMY47M), 5.1.1 (LMY47Z), 5.1.1 (LMY48I), 5.1.1 (LMY48M), 5.1.1 (LMY48T), 5.1.1 (LMY48W), 5.1.1 (LMY48X), 5.1.1 (LMY48Y), 5.1.1 (LVY48C), 5.1.1 (LVY48E), 5.1.1 (LVY48F), 5.1.1 (LVY48H), 5.1.1 (LVY48I), 5.1.1 (LYZ28E), 5.1.1 (LYZ28J), 5.1.1 (LYZ28K), 5.1.1 (LYZ28M), 5.1.1 (LYZ28N), 6.0.0 (MRA58K), 6.0.0 (MRA58N), 6.0.0 (MRA58R), 6.0.0 (MRA58X), 7.0.0 (NBD90Z), 7.0.0 (NBD91P), 7.0.0 (NBD91U), 7.0.0 (NBD91X), 7.0.0 (NBD91Y), 7.0.0 (NBD91Z), 7.0.0 (NBD92F), 7.0.0 (NBD92G), 7.1.1 (N6F26Q), 7.1.1 (N6F26R), 7.1.1 (N6F26U), 7.1.1 (N6F27C), 7.1.1 (N6F27E).3. DETAILS----------To the best of our knowledge, the vulnerability described in this post has been incorrectly associated with CVE-2015-6639. After consulting with MITRE, it has been confirmed that this vulnerability had no assigned identifier. Consequently, CVE-2022-48335 has been assigned to this vulnerability. On the other hand, it has been confirmed that CVE-2015-6639 does exist and corresponds with a different vulnerability reported by Google. We have notified all the concerned parties about this misunderstanding so that the confusion can be amended.Qualcomm Secure Execution Environment is one of the most widespread commercial TEE solutions in the smartphone space, used by many different devices such as Xiaomi, Motorola and several devices of the Google Nexus and Pixel series. Widevine is a Digital Rights Management (DRM) technology developed by Google to protect copyrighted content and to enable secure distribution and consumption of video and audio content. The technology involves encryption, licensing, and key management to ensure that content can only be decrypted and played back on authorized devices. An attacker with high privileges in Normal World can exploit the vulnerability to compromise the Trusted Application running in the Secure World, eventually executing arbitrary code and reading and/or modifying information of critical files, compromising the confidentiality and integrity of the system. On the other hand, the attacker is able to crash the Trusted Application, potentially resulting in a denial of service.The bug is present in Widevine’s PRDiagVerifyProvisioning() command. This command closely resembles PRDiagClearProvisioning(), which has been featured in other blog entries (refer to CVE-2015-6647).For more details and full proof of concept visit https://cyberintel.es/cve/CVE-2022-48335_Buffer_Overflow_in_Widevine_PRDiagVerifyProvisioning_0x5f90/--Cyber Intel Team.Zero Lab - https://cyberintel.es/

Widevine Trustlet 5.x / 6.x / 7.x PRDiagVerifyProvisioning Buffer Overflow

Widevine Trustlet versions 5.x suffer from a buffer overflow vulnerability in drm_verify_keys at 0x7370.

    1. INFORMATION--------------[+] CVE                : CVE-2022-48334[+] Title              : Buffer Overflow in Widevine Trustlet (drm_verify_keys @ 0x7370)[+] Vendor             : Google[+] Device             : Nexus 6[+] Affected component : Widevine[+] Publication date   : March 2023[+] Credits            : CyberIntel Team2. AFFECTED VERSIONS--------------------5.0.0 (LRX21O), 5.0.1 (LRX22C), 5.1.0 (LMY47D), 5.1.0 (LMY47E), 5.1.0 (LMY47I), 5.1.0 (LMY47M), 5.1.1 (LMY47Z), 5.1.1 (LMY48I), 5.1.1 (LMY48M), 5.1.1 (LMY48T), 5.1.1 (LMY48W), 5.1.1 (LMY48X), 5.1.1 (LMY48Y), 5.1.1 (LVY48C), 5.1.1 (LVY48E), 5.1.1 (LVY48F), 5.1.1 (LVY48H), 5.1.1 (LVY48I), 5.1.1 (LYZ28E), 5.1.1 (LYZ28J), 5.1.1 (LYZ28K), 5.1.1 (LYZ28M), 5.1.1 (LYZ28N)3. DETAILS----------Qualcomm Secure Execution Environment is one of the most widespread commercial TEE solutions in the smartphone space, used by many different devices such as Xiaomi, Motorola and several devices of the Google Nexus and Pixel series. Widevine is a Digital Rights Management (DRM) technology developed by Google to protect copyrighted content and to enable secure distribution and consumption of video and audio content. The technology involves encryption, licensing, and key management to ensure that content can only be decrypted and played back on authorized devices. An attacker with high privileges in Normal World can exploit the vulnerability to compromise the Trusted Application running in the Secure World, eventually executing arbitrary code and reading and/or modifying information of critical files, compromising the confidentiality and integrity of the system. On the other hand, the attacker is able to crash the Trusted Application, potentially resulting in a denial of service.The bug is present in Widevine’s drm_verify_keys() command. This command closely resembles drm_save_keys(), which has been featured in other blog entries (refer to CVE-2022-48331 and CVE-2022-48332).For more details and full proof of concept visit https://cyberintel.es/cve/CVE-2022-48334_Buffer_Overflow_in_Widevine_drm_verify_keys_0x7370/--Cyber Intel Team.Zero Lab - https://cyberintel.es/

Widevine Trustlet 5.x drm_verify_keys Buffer Overflow

Widevine Trustlet versions 5.x suffer from a buffer overflow vulnerability in drm_verify_keys at 0x730c.

    1. INFORMATION--------------[+] CVE                : CVE-2022-48333[+] Title              : Buffer Overflow in Widevine Trustlet (drm_verify_keys @ 0x730c)[+] Vendor             : Google[+] Device             : Nexus 6[+] Affected component : Widevine[+] Publication date   : March 2023[+] Credits            : CyberIntel Team2. AFFECTED VERSIONS--------------------5.0.0 (LRX21O), 5.0.1 (LRX22C), 5.1.0 (LMY47D), 5.1.0 (LMY47E), 5.1.0 (LMY47I), 5.1.0 (LMY47M), 5.1.1 (LMY47Z), 5.1.1 (LMY48I), 5.1.1 (LMY48M), 5.1.1 (LMY48T), 5.1.1 (LMY48W), 5.1.1 (LMY48X), 5.1.1 (LMY48Y), 5.1.1 (LVY48C), 5.1.1 (LVY48E), 5.1.1 (LVY48F), 5.1.1 (LVY48H), 5.1.1 (LVY48I), 5.1.1 (LYZ28E), 5.1.1 (LYZ28J), 5.1.1 (LYZ28K), 5.1.1 (LYZ28M), 5.1.1 (LYZ28N)3. DETAILS----------Qualcomm Secure Execution Environment is one of the most widespread commercial TEE solutions in the smartphone space, used by many different devices such as Xiaomi, Motorola and several devices of the Google Nexus and Pixel series. Widevine is a Digital Rights Management (DRM) technology developed by Google to protect copyrighted content and to enable secure distribution and consumption of video and audio content. The technology involves encryption, licensing, and key management to ensure that content can only be decrypted and played back on authorized devices. An attacker with high privileges in Normal World can exploit the vulnerability to compromise the Trusted Application running in the Secure World, eventually executing arbitrary code and reading and/or modifying information of critical files, compromising the confidentiality and integrity of the system. On the other hand, the attacker is able to crash the Trusted Application, potentially resulting in a denial of service.The bug is present in Widevine’s drm_verify_keys() command. This command closely resembles drm_save_keys(), which has been featured in other blog entries (refer to CVE-2022-48331 and CVE-2022-48332).For more details and full proof of concept visit https://cyberintel.es/cve/CVE-2022-48333_Buffer_Overflow_in_Widevine_drm_verify_keys_0x730c/--Cyber Intel Team.Zero Lab - https://cyberintel.es/

Widevine Trustlet versions 5.x suffer from a buffer overflow vulnerability in drm_save_keys at 0x6a18.

    1. INFORMATION--------------[+] CVE                : CVE-2022-48332[+] Title              : Buffer Overflow in Widevine Trustlet (drm_save_keys @ 0x6a18)[+] Vendor             : Google[+] Device             : Nexus 6[+] Affected component : Widevine[+] Publication date   : March 2023[+] Credits            : CyberIntel Team2. AFFECTED VERSIONS--------------------5.0.0 (LRX21O), 5.0.1 (LRX22C), 5.1.0 (LMY47D), 5.1.0 (LMY47E), 5.1.0 (LMY47I), 5.1.0 (LMY47M), 5.1.1 (LMY47Z), 5.1.1 (LMY48I), 5.1.1 (LMY48M), 5.1.1 (LMY48T), 5.1.1 (LMY48W), 5.1.1 (LMY48X), 5.1.1 (LMY48Y), 5.1.1 (LVY48C), 5.1.1 (LVY48E), 5.1.1 (LVY48F), 5.1.1 (LVY48H), 5.1.1 (LVY48I), 5.1.1 (LYZ28E), 5.1.1 (LYZ28J), 5.1.1 (LYZ28K), 5.1.1 (LYZ28M), 5.1.1 (LYZ28N)3. DETAILS----------Qualcomm Secure Execution Environment is one of the most widespread commercial TEE solutions in the smartphone space, used by many different devices such as Xiaomi, Motorola and several devices of the Google Nexus and Pixel series. Widevine is a Digital Rights Management (DRM) technology developed by Google to protect copyrighted content and to enable secure distribution and consumption of video and audio content. The technology involves encryption, licensing, and key management to ensure that content can only be decrypted and played back on authorized devices. An attacker with high privileges in Normal World can exploit the vulnerability to compromise the Trusted Application running in the Secure World, eventually executing arbitrary code and reading and/or modifying information of critical files, compromising the confidentiality and integrity of the system. On the other hand, the attacker is able to crash the Trusted Application, potentially resulting in a denial of service.The bug is present in Widevine’s drm_save_keys() command. This command closely resembles drm_verify_keys(), which has been featured in other blog entries (refer to CVE-2022-48333 and CVE-2022-48334).For more details and full proof of concept visit https://cyberintel.es/cve/CVE-2022-48332_Buffer_Overflow_in_Widevine_drm_save_keys_0x6a18/--Cyber Intel Team.Zero Lab - https://cyberintel.es/

Widevine Trustlet 5.x drm_save_keys Buffer Overflow

Widevine Trustlet versions 5.x suffer from a drm_save_keys related buffer overflow.

    1. INFORMATION--------------[+] CVE                : CVE-2022-48331[+] Title              : Buffer Overflow in Widevine Trustlet (drm_save_keys @ 0x69b0)[+] Vendor             : Google[+] Device             : Nexus 6[+] Affected component : Widevine[+] Publication date   : March 2023[+] Credits            : CyberIntel Team2. AFFECTED VERSIONS--------------------5.0.0 (LRX21O), 5.0.1 (LRX22C), 5.1.0 (LMY47D), 5.1.0 (LMY47E), 5.1.0 (LMY47I), 5.1.0 (LMY47M) 5.1.1 (LMY47Z), 5.1.1 (LMY48I), 5.1.1 (LMY48M), 5.1.1 (LMY48T), 5.1.1 (LMY48W), 5.1.1 (LMY48X), 5.1.1 (LMY48Y), 5.1.1 (LVY48C), 5.1.1 (LVY48E), 5.1.1 (LVY48F), 5.1.1 (LVY48H), 5.1.1 (LVY48I), 5.1.1 (LYZ28E), 5.1.1 (LYZ28J), 5.1.1 (LYZ28K), 5.1.1 (LYZ28M), 5.1.1 (LYZ28N)3. DETAILS----------Qualcomm Secure Execution Environment is one of the most widespread commercial TEE solutions in the smartphone space, used by many different devices such as Xiaomi, Motorola and several devices of the Google Nexus and Pixel series. Widevine is a Digital Rights Management (DRM) technology developed by Google to protect copyrighted content and to enable secure distribution and consumption of video and audio content. The technology involves encryption, licensing, and key management to ensure that content can only be decrypted and played back on authorized devices. An attacker with high privileges in Normal World can exploit the vulnerability to compromise the Trusted Application running in the Secure World, eventually executing arbitrary code and reading and/or modifying information of critical files, compromising the confidentiality and integrity of the system. On the other hand, the attacker is able to crash the Trusted Application, potentially resulting in a denial of service. The bug is present in Widevine’s drm_save_keys() command. This command closely resembles drm_verify_keys(), which has been featured in other blog entries (refer to CVE-2022-48333 and CVE-2022-48334).For more details and full proof of concept visit https://cyberintel.es/cve/CVE-2022-48331_Buffer_Overflow_in_Widevine_drm_save_keys_0x69b0/--Cyber Intel Team.Zero Lab - https://cyberintel.es/

Tag

#dos