:: Re: [maemo-leste] ZDI-CAN-29089: Ne…
Top Page
This message is part of the following thread:
Mthe complete thread tree sorted by date
M 
Morgan Hughes at ->
Delete this message
Reply to this message
Author: Sicelo
Date:  
To: zdi-disclosures@trendmicro.com
CC: Willy Tarreau, ofono@lists.linux.dev, secalert@redhat.com, ivo.g.dimitrov.75, maemo-leste
Subject: Re: [maemo-leste] ZDI-CAN-29089: New Vulnerability Report
Hi

Community members will work on these. As with any other open-source
projects, patches welcome.

Best Regards

On Thu, Mar 12, 2026 at 07:13:20PM +0000, zdi-disclosures@??? wrote:
> Hello Willy,
>
> Noted thank you!
>
> Any updates on this issue?
>
> Thanks,
> ZDI
>
> -----Original Message-----
> From: Willy Tarreau <w@???>
> Sent: Tuesday, February 10, 2026 9:02 AM
> To: ZDI Disclosures Mailbox <zdi-disclosures@???>
> Cc: ofono@???; secalert@???; security@???
> Subject: Re: ZDI-CAN-29089: New Vulnerability Report
>
> Hello,
>
> On Tue, Feb 10, 2026 at 04:54:46PM +0000, zdi-disclosures@??? wrote:
> > ZDI-CAN-29089: oFono MBIM SMS Handling Heap-based Buffer Overflow Arbitrary Code Execution Vulnerability
> >
> > -- CVSS -----------------------------------------
> >
> > 6.8: AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
> >
> > -- ABSTRACT -------------------------------------
> >
> > Trend Micro's Zero Day Initiative has identified a vulnerability affecting the following products:
> > oFono - oFono
> >
> > -- VULNERABILITY DETAILS ------------------------
> > * Version tested:20.0.3
> > * Installer file:agl-demo-platform-crosssdk-raspberrypi4-64.wic.xz
> > * Platform tested:Raspberry Pi
> (...)
>
> Please note that none of these 3 reports concern code in the Linux
> kernel, so security@??? can be dropped from future exchanges.
>
> Thanks,
> Willy
> TREND MICRO EMAIL NOTICE
> The information contained in this email and any attachments is confidential
> and may be subject to copyright or other intellectual property protection.
> If you are not the intended recipient, you are not authorized to use or
> disclose this information, and we request that you notify us by reply mail or
> telephone and delete the original message from your mail system.
> For details about what personal information we collect and why, please see our Privacy Notice on our website at: [ https://www.trendmicro.com/privacy]
>
>
This message was posted to the following mailing lists:
maemo-leste
Mailing List Info | Nearby Messages		<-[maemo-leste] Need TestersRe: [maemo-leste] ZDI-CAN-29089: New Vulnerability Report->

Donate to Dyne.org

dyne.org open discussions
administrated by dyne.org hackers		Lurker (version 2.3)