oFono Crashes or Executes Malicious Code
USN-8178-1
Summary
oFono, software for mobile network management, may crash or execute malicious code if certain inputs are not handled correctly. This could allow an attacker to disrupt service or gain unauthorized access. Update oFono to the latest version to address these issues.
What to do
- Update canonical ofono to version 1.17.bzr6912+16.04.20160314.3-0ubuntu1+esm3.
- Update canonical ofono to version 1.21-1ubuntu1+esm3.
- Update canonical ofono to version 1.31-2ubuntu1+esm3.
- Update canonical ofono to version 1.31-3ubuntu1.2+esm1.
- Update canonical ofono to version 1.31-3ubuntu3.24.04.2+esm1.
Affected software
| Ecosystem | Vendor | Product | Affected versions |
|---|---|---|---|
| Ubuntu:Pro:16.04:LTS | canonical | ofono | < 1.17.bzr6912+16.04.20160314.3-0ubuntu1+esm3 (Fix: upgrade to 1.17.bzr6912+16.04.20160314.3-0ubuntu1+esm3) |
| Ubuntu:Pro:18.04:LTS | canonical | ofono | < 1.21-1ubuntu1+esm3 (Fix: upgrade to 1.21-1ubuntu1+esm3) |
| Ubuntu:Pro:20.04:LTS | canonical | ofono | < 1.31-2ubuntu1+esm3 (Fix: upgrade to 1.31-2ubuntu1+esm3) |
| Ubuntu:Pro:22.04:LTS | canonical | ofono | < 1.31-3ubuntu1.2+esm1 (Fix: upgrade to 1.31-3ubuntu1.2+esm1) |
| Ubuntu:Pro:24.04:LTS | canonical | ofono | < 1.31-3ubuntu3.24.04.2+esm1 (Fix: upgrade to 1.31-3ubuntu3.24.04.2+esm1) |
Original title
ofono vulnerabilities
Original description
It was discovered that oFono incorrectly handled crafted responses
from AT commands. An attacker could possibly use this issue to crash
the program, resulting in a denial of service or arbitrary code
execution. (CVE-2024-7538, CVE-2024-7539, CVE-2024-7540, CVE-2024-7541,
CVE-2024-7542)
Lucas Leong discovered that oFono incorrectly handled crafted input.
An attacker could possibly use this issue to crash the program,
resulting in a denial of service or arbitrary code execution.
(CVE-2024-7543, CVE-2024-7544, CVE-2024-7545, CVE-2024-7546,
CVE-2024-7547)
- https://ubuntu.com/security/notices/USN-8178-1 Vendor Advisory
- https://ubuntu.com/security/CVE-2024-7538 Third Party Advisory
- https://ubuntu.com/security/CVE-2024-7539 Third Party Advisory
- https://ubuntu.com/security/CVE-2024-7540 Third Party Advisory
- https://ubuntu.com/security/CVE-2024-7541 Third Party Advisory
- https://ubuntu.com/security/CVE-2024-7542 Third Party Advisory
- https://ubuntu.com/security/CVE-2024-7543 Third Party Advisory
- https://ubuntu.com/security/CVE-2024-7544 Third Party Advisory
- https://ubuntu.com/security/CVE-2024-7545 Third Party Advisory
- https://ubuntu.com/security/CVE-2024-7546 Third Party Advisory
- https://ubuntu.com/security/CVE-2024-7547 Third Party Advisory
Published: 16 Apr 2026 · Updated: 17 Apr 2026 · First seen: 17 Apr 2026