The Broadcom brcmfmac WiFi driver prior to commit 1b5e2423164b3670e8bc9174e4762d297990deff is vulnerable to a heap buffer overflow. If the Wake-up on Wireless LAN functionality is configured, a malicious event frame can be constructed to trigger a heap buffer overflow in the brcmf_wowl_nd_results function. This vulnerability can be exploited with compromised chipsets to compromise the host, or when used in combination with CVE-2019-9503, can be used remotely. In the worst-case scenario, by sending specially crafted WiFi packets, a remote, unauthenticated attacker may be able to execute arbitrary code on a vulnerable system. More typically, this vulnerability will result in denial-of-service conditions.
https://blog.quarkslab.com/reverse-engineering-broadcom-wireless-chipsets.html
https://git.kernel.org/linus/1b5e2423164b3670e8bc9174e4762d297990deff
Source: MITRE
Published: 2020-01-16
Updated: 2020-01-29
Type: CWE-787
CVSS v2
Base Score: 7.9
Vector: AV:A/AC:M/Au:N/C:C/I:C/A:C
Impact Score: 10
Exploitability Score: 5.5
Severity: HIGH
CVSS v3
Base Score: 8.3
Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Impact Score: 6
Exploitability Score: 1.6
Severity: HIGH
ID | Name | Product | Family | Severity |
---|---|---|---|---|
145668 | CentOS 8 : kernel (CESA-2019:2703) | Nessus | CentOS Local Security Checks | high |
144831 | EulerOS Virtualization 3.0.2.6 : kernel (EulerOS-SA-2021-1056) | Nessus | Huawei Local Security Checks | critical |
137291 | Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2020-5715) | Nessus | Oracle Linux Local Security Checks | critical |
133076 | NewStart CGSL CORE 5.05 / MAIN 5.05 : kernel-rt Multiple Vulnerabilities (NS-SA-2020-0008) | Nessus | NewStart CGSL Local Security Checks | high |
133072 | NewStart CGSL CORE 5.05 / MAIN 5.05 : kernel Multiple Vulnerabilities (NS-SA-2020-0002) | Nessus | NewStart CGSL Local Security Checks | high |
131983 | RHEL 7 : kpatch-patch (RHSA-2019:4171) | Nessus | Red Hat Local Security Checks | high |
131982 | RHEL 7 : kernel (RHSA-2019:4168) | Nessus | Red Hat Local Security Checks | high |
131421 | NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel-rt Multiple Vulnerabilities (NS-SA-2019-0222) | Nessus | NewStart CGSL Local Security Checks | high |
131411 | NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel Multiple Vulnerabilities (NS-SA-2019-0221) | Nessus | NewStart CGSL Local Security Checks | high |
130736 | EulerOS 2.0 SP3 : kernel (EulerOS-SA-2019-2274) | Nessus | Huawei Local Security Checks | critical |
130373 | RHEL 7 : kernel-alt (RHSA-2019:3217) | Nessus | Red Hat Local Security Checks | high |
129519 | RHEL 7 : kpatch-patch (RHSA-2019:2945) | Nessus | Red Hat Local Security Checks | high |
129284 | SUSE SLED15 / SLES15 Security Update : kernel-source-rt (SUSE-SU-2019:2430-1) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout) (SACK Panic) (SACK Slowness) (Spectre) | Nessus | SuSE Local Security Checks | high |
129020 | CentOS 7 : kernel (CESA-2019:2600) | Nessus | CentOS Local Security Checks | high |
128859 | RHEL 8 : kernel-rt (RHSA-2019:2741) | Nessus | Red Hat Local Security Checks | high |
128845 | Oracle Linux 8 : kernel (ELSA-2019-2703) | Nessus | Oracle Linux Local Security Checks | high |
128665 | RHEL 8 : kernel (RHSA-2019:2703) | Nessus | Red Hat Local Security Checks | high |
128513 | Oracle Linux 7 : kernel (ELSA-2019-2600) | Nessus | Oracle Linux Local Security Checks | high |
128501 | Scientific Linux Security Update : kernel on SL7.x x86_64 (20190903) | Nessus | Scientific Linux Local Security Checks | high |
128498 | RHEL 7 : kernel-rt (RHSA-2019:2609) | Nessus | Red Hat Local Security Checks | high |
128495 | RHEL 7 : kernel (RHSA-2019:2600) | Nessus | Red Hat Local Security Checks | high |
126045 | SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2019:1550-1) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout) (SACK Panic) (SACK Slowness) (Spectre) | Nessus | SuSE Local Security Checks | high |
126009 | Debian DLA-1824-1 : linux-4.9 security update (SACK Panic) (SACK Slowness) | Nessus | Debian Local Security Checks | high |
125959 | Debian DSA-4465-1 : linux - security update (SACK Panic) (SACK Slowness) | Nessus | Debian Local Security Checks | high |
125667 | openSUSE Security Update : the Linux Kernel (openSUSE-2019-1479) | Nessus | SuSE Local Security Checks | high |
125605 | Amazon Linux AMI : kernel (ALAS-2019-1214) | Nessus | Amazon Linux Local Security Checks | high |
125598 | Amazon Linux 2 : kernel (ALAS-2019-1214) | Nessus | Amazon Linux Local Security Checks | high |
125243 | openSUSE Security Update : the Linux Kernel (openSUSE-2019-1404) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout) | Nessus | SuSE Local Security Checks | high |
125142 | Ubuntu 16.04 LTS : Linux kernel (HWE) vulnerabilities (USN-3981-2) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout) | Nessus | Ubuntu Local Security Checks | high |
125141 | Ubuntu 18.04 LTS : Linux kernel vulnerabilities (USN-3981-1) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout) | Nessus | Ubuntu Local Security Checks | high |
125140 | Ubuntu 18.04 LTS : Linux kernel (HWE) vulnerabilities (USN-3980-2) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout) | Nessus | Ubuntu Local Security Checks | high |
125139 | Ubuntu 18.10 : Linux kernel vulnerabilities (USN-3980-1) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout) | Nessus | Ubuntu Local Security Checks | high |
125138 | Ubuntu 19.04 : Linux kernel vulnerabilities (USN-3979-1) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout) | Nessus | Ubuntu Local Security Checks | critical |
125132 | SUSE SLES12 Security Update : kernel (SUSE-SU-2019:1242-1) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout) | Nessus | SuSE Local Security Checks | high |
124552 | Fedora 30 : kernel / kernel-headers / kernel-tools (2019-e84f6c34da) | Nessus | Fedora Local Security Checks | high |
124308 | Fedora 28 : kernel / kernel-headers / kernel-tools (2019-1b986880ea) | Nessus | Fedora Local Security Checks | high |
124284 | Fedora 29 : kernel / kernel-headers / kernel-tools (2019-1e8a4c6958) | Nessus | Fedora Local Security Checks | high |