CVE-2019-9500

HIGH

Description

The Broadcom brcmfmac WiFi driver prior to commit 1b5e2423164b3670e8bc9174e4762d297990deff is vulnerable to a heap buffer overflow. If the Wake-up on Wireless LAN functionality is configured, a malicious event frame can be constructed to trigger an heap buffer overflow in the brcmf_wowl_nd_results function. This vulnerability can be exploited with compromised chipsets to compromise the host, or when used in combination with CVE-2019-9503, can be used remotely. In the worst case scenario, by sending specially-crafted WiFi packets, a remote, unauthenticated attacker may be able to execute arbitrary code on a vulnerable system. More typically, this vulnerability will result in denial-of-service conditions.

References

https://blog.quarkslab.com/reverse-engineering-broadcom-wireless-chipsets.html

https://git.kernel.org/linus/1b5e2423164b3670e8bc9174e4762d297990deff

https://kb.cert.org/vuls/id/166939/

Details

Source: MITRE

Published: 2020-01-16

Updated: 2020-01-29

Type: CWE-787

Risk Information

CVSS v2.0

Base Score: 7.9

Vector: AV:A/AC:M/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 5.5

Severity: HIGH

CVSS v3.0

Base Score: 8.3

Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Impact Score: 6

Exploitability Score: 1.6

Severity: HIGH

Tenable Plugins

View all (35 total)

ID	Name	Product	Family	Severity
137291	Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2020-5715)	Nessus	Oracle Linux Local Security Checks	critical
133076	NewStart CGSL CORE 5.05 / MAIN 5.05 : kernel-rt Multiple Vulnerabilities (NS-SA-2020-0008)	Nessus	NewStart CGSL Local Security Checks	high
133072	NewStart CGSL CORE 5.05 / MAIN 5.05 : kernel Multiple Vulnerabilities (NS-SA-2020-0002)	Nessus	NewStart CGSL Local Security Checks	high
131983	RHEL 7 : kpatch-patch (RHSA-2019:4171)	Nessus	Red Hat Local Security Checks	high
131982	RHEL 7 : kernel (RHSA-2019:4168)	Nessus	Red Hat Local Security Checks	high
131421	NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel-rt Multiple Vulnerabilities (NS-SA-2019-0222)	Nessus	NewStart CGSL Local Security Checks	high
131411	NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel Multiple Vulnerabilities (NS-SA-2019-0221)	Nessus	NewStart CGSL Local Security Checks	high
130736	EulerOS 2.0 SP3 : kernel (EulerOS-SA-2019-2274)	Nessus	Huawei Local Security Checks	critical
130373	RHEL 7 : kernel-alt (RHSA-2019:3217)	Nessus	Red Hat Local Security Checks	high
129519	RHEL 7 : kpatch-patch (RHSA-2019:2945)	Nessus	Red Hat Local Security Checks	high
129284	SUSE SLED15 / SLES15 Security Update : kernel-source-rt (SUSE-SU-2019:2430-1) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout) (SACK Panic) (SACK Slowness) (Spectre)	Nessus	SuSE Local Security Checks	high
129020	CentOS 7 : kernel (CESA-2019:2600)	Nessus	CentOS Local Security Checks	high
128859	RHEL 8 : kernel-rt (RHSA-2019:2741)	Nessus	Red Hat Local Security Checks	high
128845	Oracle Linux 8 : kernel (ELSA-2019-2703)	Nessus	Oracle Linux Local Security Checks	high
128665	RHEL 8 : kernel (RHSA-2019:2703)	Nessus	Red Hat Local Security Checks	high
128513	Oracle Linux 7 : kernel (ELSA-2019-2600)	Nessus	Oracle Linux Local Security Checks	high
128501	Scientific Linux Security Update : kernel on SL7.x x86_64 (20190903)	Nessus	Scientific Linux Local Security Checks	high
128498	RHEL 7 : kernel-rt (RHSA-2019:2609)	Nessus	Red Hat Local Security Checks	high
128495	RHEL 7 : kernel (RHSA-2019:2600)	Nessus	Red Hat Local Security Checks	high
126045	SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2019:1550-1) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout) (SACK Panic) (SACK Slowness) (Spectre)	Nessus	SuSE Local Security Checks	high
126009	Debian DLA-1824-1 : linux-4.9 security update (SACK Panic) (SACK Slowness)	Nessus	Debian Local Security Checks	high
125959	Debian DSA-4465-1 : linux - security update (SACK Panic) (SACK Slowness)	Nessus	Debian Local Security Checks	high
125667	openSUSE Security Update : the Linux Kernel (openSUSE-2019-1479)	Nessus	SuSE Local Security Checks	critical
125605	Amazon Linux AMI : kernel (ALAS-2019-1214)	Nessus	Amazon Linux Local Security Checks	high
125598	Amazon Linux 2 : kernel (ALAS-2019-1214)	Nessus	Amazon Linux Local Security Checks	high
125243	openSUSE Security Update : the Linux Kernel (openSUSE-2019-1404) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)	Nessus	SuSE Local Security Checks	high
125142	Ubuntu 16.04 LTS : linux-hwe, linux-azure, linux-gcp, linux-oracle vulnerabilities (USN-3981-2) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)	Nessus	Ubuntu Local Security Checks	high
125141	Ubuntu 18.04 LTS : linux, linux-aws, linux-gcp, linux-kvm, linux-oem, linux-oracle, (USN-3981-1) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)	Nessus	Ubuntu Local Security Checks	high
125140	Ubuntu 18.04 LTS : linux-hwe, linux-azure vulnerabilities (USN-3980-2) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)	Nessus	Ubuntu Local Security Checks	high
125139	Ubuntu 18.10 : linux, linux-aws, linux-azure, linux-gcp, linux-kvm, linux-raspi2 vulnerabilities (USN-3980-1) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)	Nessus	Ubuntu Local Security Checks	high
125138	Ubuntu 19.04 : linux, linux-aws, linux-azure, linux-gcp, linux-kvm, linux-raspi2 vulnerabilities (USN-3979-1) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)	Nessus	Ubuntu Local Security Checks	critical
125132	SUSE SLES12 Security Update : kernel (SUSE-SU-2019:1242-1) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)	Nessus	SuSE Local Security Checks	high
124552	Fedora 30 : kernel / kernel-headers / kernel-tools (2019-e84f6c34da)	Nessus	Fedora Local Security Checks	high
124308	Fedora 28 : kernel / kernel-headers / kernel-tools (2019-1b986880ea)	Nessus	Fedora Local Security Checks	high
124284	Fedora 29 : kernel / kernel-headers / kernel-tools (2019-1e8a4c6958)	Nessus	Fedora Local Security Checks	high