CVE-2019-9503

HIGH

Description

The Broadcom brcmfmac WiFi driver prior to commit a4176ec356c73a46c07c181c6d04039fafa34a9f is vulnerable to a frame validation bypass. If the brcmfmac driver receives a firmware event frame from a remote source, the is_wlc_event_frame function causes the frame to be discarded without being processed. If the driver receives the firmware event frame from the host, the appropriate handler is called. This frame validation can be bypassed if the bus used is USB (for instance, with a WiFi dongle), which can allow firmware event frames from a remote source to be processed. In the worst-case scenario, by sending specially crafted WiFi packets, a remote, unauthenticated attacker may be able to execute arbitrary code on a vulnerable system. More typically, this vulnerability will result in denial-of-service conditions.

References

https://blog.quarkslab.com/reverse-engineering-broadcom-wireless-chipsets.html

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a4176ec356c73a46c07c181c6d04039fafa34a9f

https://kb.cert.org/vuls/id/166939/

Details

Source: MITRE

Published: 2020-01-16

Updated: 2020-01-29

Type: CWE-20

Risk Information

CVSS v2.0

Base Score: 7.9

Vector: AV:A/AC:M/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 5.5

Severity: HIGH

CVSS v3.0

Base Score: 8.3

Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Impact Score: 6

Exploitability Score: 1.6

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:broadcom:brcmfmac_driver:-:*:*:*:*:*:*:*

Tenable Plugins


| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 145668 | CentOS 8 : kernel (CESA-2019:2703) | Nessus | CentOS Local Security Checks | high |
| 144831 | EulerOS Virtualization 3.0.2.6 : kernel (EulerOS-SA-2021-1056) | Nessus | Huawei Local Security Checks | critical |
| 143971 | NewStart CGSL CORE 5.05 / MAIN 5.05 : kernel Multiple Vulnerabilities (NS-SA-2020-0108) | Nessus | NewStart CGSL Local Security Checks | critical |
| 137363 | RHEL 7 : kernel (RHSA-2020:2522) | Nessus | Red Hat Local Security Checks | high |
| 137291 | Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2020-5715) | Nessus | Oracle Linux Local Security Checks | critical |
| 137128 | OracleVM 3.4 : Unbreakable / etc (OVMSA-2020-0019) | Nessus | OracleVM Local Security Checks | high |
| 136448 | Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2020-5671) | Nessus | Oracle Linux Local Security Checks | high |
| 136388 | Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2020-5670) | Nessus | Oracle Linux Local Security Checks | high |
| 135813 | Scientific Linux Security Update : kernel on SL7.x x86_64 (20200407) | Nessus | Scientific Linux Local Security Checks | high |
| 135316 | CentOS 7 : kernel (CESA-2020:1016) | Nessus | CentOS Local Security Checks | high |
| 135080 | RHEL 7 : kernel (RHSA-2020:1016) | Nessus | Red Hat Local Security Checks | high |
| 135078 | RHEL 7 : kernel-rt (RHSA-2020:1070) | Nessus | Red Hat Local Security Checks | high |
| 131845 | EulerOS 2.0 SP2 : kernel (EulerOS-SA-2019-2353) | Nessus | Huawei Local Security Checks | critical |
| 131421 | NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel-rt Multiple Vulnerabilities (NS-SA-2019-0222) | Nessus | NewStart CGSL Local Security Checks | high |
| 131411 | NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel Multiple Vulnerabilities (NS-SA-2019-0221) | Nessus | NewStart CGSL Local Security Checks | high |
| 130736 | EulerOS 2.0 SP3 : kernel (EulerOS-SA-2019-2274) | Nessus | Huawei Local Security Checks | critical |
| 129284 | SUSE SLED15 / SLES15 Security Update : kernel-source-rt (SUSE-SU-2019:2430-1) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout) (SACK Panic) (SACK Slowness) (Spectre) | Nessus | SuSE Local Security Checks | high |
| 128859 | RHEL 8 : kernel-rt (RHSA-2019:2741) | Nessus | Red Hat Local Security Checks | high |
| 128845 | Oracle Linux 8 : kernel (ELSA-2019-2703) | Nessus | Oracle Linux Local Security Checks | high |
| 128665 | RHEL 8 : kernel (RHSA-2019:2703) | Nessus | Red Hat Local Security Checks | high |
| 127890 | Ubuntu 16.04 LTS : Linux kernel vulnerabilities (USN-4095-1) | Nessus | Ubuntu Local Security Checks | high |
| 127097 | Ubuntu 16.04 LTS : Linux kernel vulnerabilities (USN-4076-1) | Nessus | Ubuntu Local Security Checks | high |
| 126045 | SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2019:1550-1) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout) (SACK Panic) (SACK Slowness) (Spectre) | Nessus | SuSE Local Security Checks | high |
| 126031 | Slackware 14.2 / current : kernel (SSA:2019-169-01) (SACK Panic) (SACK Slowness) | Nessus | Slackware Local Security Checks | high |
| 126009 | Debian DLA-1824-1 : linux-4.9 security update (SACK Panic) (SACK Slowness) | Nessus | Debian Local Security Checks | high |
| 125959 | Debian DSA-4465-1 : linux - security update (SACK Panic) (SACK Slowness) | Nessus | Debian Local Security Checks | high |
| 125667 | openSUSE Security Update : the Linux Kernel (openSUSE-2019-1479) | Nessus | SuSE Local Security Checks | high |
| 125478 | Debian DLA-1799-2 : linux security update (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout) | Nessus | Debian Local Security Checks | high |
| 125303 | openSUSE Security Update : the Linux Kernel (openSUSE-2019-1407) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout) | Nessus | SuSE Local Security Checks | high |
| 125283 | SUSE SLES12 Security Update : kernel (SUSE-SU-2019:1289-1) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout) | Nessus | SuSE Local Security Checks | high |
| 125282 | SUSE SLES12 Security Update : kernel (SUSE-SU-2019:1287-1) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout) | Nessus | SuSE Local Security Checks | high |
| 125243 | openSUSE Security Update : the Linux Kernel (openSUSE-2019-1404) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout) | Nessus | SuSE Local Security Checks | high |
| 125142 | Ubuntu 16.04 LTS : Linux kernel (HWE) vulnerabilities (USN-3981-2) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout) | Nessus | Ubuntu Local Security Checks | high |
| 125141 | Ubuntu 18.04 LTS : Linux kernel vulnerabilities (USN-3981-1) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout) | Nessus | Ubuntu Local Security Checks | high |
| 125140 | Ubuntu 18.04 LTS : Linux kernel (HWE) vulnerabilities (USN-3980-2) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout) | Nessus | Ubuntu Local Security Checks | high |
| 125139 | Ubuntu 18.10 : Linux kernel vulnerabilities (USN-3980-1) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout) | Nessus | Ubuntu Local Security Checks | high |
| 125138 | Ubuntu 19.04 : Linux kernel vulnerabilities (USN-3979-1) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout) | Nessus | Ubuntu Local Security Checks | critical |
| 125132 | SUSE SLES12 Security Update : kernel (SUSE-SU-2019:1242-1) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout) | Nessus | SuSE Local Security Checks | high |
| 124661 | Fedora 28 : kernel (2019-a6cd583a8d) | Nessus | Fedora Local Security Checks | high |
| 124571 | Fedora 29 : kernel (2019-8219efa9f6) | Nessus | Fedora Local Security Checks | high |