Skip to content
arrow-alt-circle-up icon

Cyber Incident Call

arrow-alt-circle-up icon

00800 1744 0000

arrow-alt-circle-up icon

CVE NUMBER

Not requested.

CVSS SCORE

3.3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

SUMMARY

Our reverse engineering team discovered an out of bound memory read vulnerability in VIVE’s Business Streaming software. HTC Corporation fixed the vulnerability after we reported it to them via our Coordinated Vulnerability Disclosure (CVD) program.

Impacted Versions

At least the following version is affected (and likely also lower versions).

  • HTC VIVE Virtual Audio Driver 0.1.11.7

DETAILS

VIVE, sometimes referred to as HTC VIVE, is a virtual reality brand of HTC Corporation. According to their website, it consists of hardware like its virtual reality headsets and accessories, virtual reality software and services, and initiatives that promote applications of virtual reality in sectors like business, arts, and video gaming. VIVE provides drivers for their virtual reality headsets that must be installed to use the hardware.

One of its kernel drivers creates a device which is readable and writable by any user on the system. One of the supported IOCTL’s seems to be for testing purposes, as it copies a test string to the SystemBuffer. However, instead of copying memory using the size of the testing string, it copies memory based on the size of the output buffer. The vunerability exists in the call to qmemcpy. The usage of qmemcpy with an abitrary size results in an out of bounds memory read vulnerability in the kernel.

TIMELINE

  • 12-09-2023 - Initial notice to HTC and request for security contact.
  • 23-10-2023 - First reply from HTC requesting more information.
  • 24-09-2023 - Sent full vulnerability details to HTC Security Team.
  • 15-12-2023 - HTC released a patch for the vulnerability.
  • 15-01-2024 - Planned public release of our blog post.

REFERENCE

VIVE’s Business Streaming software: https://business.vive.com/eu/solutions/streaming/

CREDIT

Discovered by Tijme Gommers of Northwave Cyber Security