An oversight in BCB handling of reboot reason that allows for persistent code execution
The vulnerability stems from improper handling of the 'reboot reason' field in the BCB structure, which is a memory area used for communication between the operating system and the bootloader. An attacker can exploit this oversight to inject malicious code that becomes persistent and is executed every time the device starts. This mechanism enables persistent code execution — the code survives system restarts.
An attacker can obtain persistent, unauthorized arbitrary code execution on a Google Chromecast device, potentially leading to complete device takeover, breach of confidentiality, integrity, and data availability.
Apply patches available from the manufacturer according to references — Chromecast security bulletin from December 1, 2023, available at https://source.android.com/docs/security/bulletin/chromecast/2023-12-01. It is recommended to immediately update the firmware of Google Chromecast devices.
Google Chromecast and Google Chromecast Firmware — specific versions indicated in the manufacturer's references (Chromecast security bulletin from 2023-12-01)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HGoogle Chromecast
HWGooglewszystkie wersjeGoogle Chromecast Firmware
OSGoogle< 2023-10-01
Related vulnerabilities
Krytyczna podatność u-boot w Google Chromecast — dostęp do powłoki przez UART
Brak sprawdzania uprawnień w aplikacji KeyChainActivity na urządzeniach Google Chromecast
Privilege escalation poprzez podatność w U-Boot shell na Google Chromecast
Podatność U-Boot w Google Chromecast umożliwiająca trwałe wykonanie kodu
The API service on Google Home and Chromecast devices before mid-July 2018 does not prevent DNS rebinding atta...