PT-2019-5253 · Broadcom+5 · Brcmfmac Wifi Driver+5
Hugues Anguelkov · Published 2019-02-19 · Updated 2024-06-15 · CVE-2019-9500
CVSS v3.1: 8.3 (High)
Vector: AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Broadcom brcmfmac WiFi driver versions prior to commit 1b5e2423164b3670e8bc9174e4762d297990deff
Description
The issue is related to a heap buffer overflow in the brcmf_wowl_nd_results function. If the Wake-up on Wireless LAN functionality is configured, a malicious event frame can trigger this overflow. This can be exploited to compromise the host or, in combination with other vulnerabilities, can be used remotely. In the worst-case scenario, a remote, unauthenticated attacker may be able to execute arbitrary code on a vulnerable system by sending specially-crafted WiFi packets. More typically, this issue will result in denial-of-service conditions.
Recommendations
For versions prior to commit 1b5e2423164b3670e8bc9174e4762d297990deff, consider disabling the Wake-up on Wireless LAN functionality to minimize the risk of exploitation until a patch is available.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
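To apply the recommendation above across a fleet, the following added example (not part of the original advisory) reports whether Wake-up on Wireless LAN is configured on each interface bound to brcmfmac. It assumes the standard Linux sysfs layout, a driver directory named brcmfmac, and the `iw` utility; the function names and the `SYSFS_NET` override are illustrative.

```sh
#!/bin/sh
# Added example: report WoWLAN state for interfaces bound to brcmfmac.
# Assumption: standard Linux sysfs layout; SYSFS_NET is overridable for testing.
SYSFS_NET="${SYSFS_NET:-/sys/class/net}"

# Print names of network interfaces whose bound driver is brcmfmac.
brcmfmac_ifaces() {
    for dev in "$SYSFS_NET"/*; do
        [ -e "$dev/device/driver" ] || continue
        drv=$(basename "$(readlink -f "$dev/device/driver")")
        if [ "$drv" = "brcmfmac" ]; then basename "$dev"; fi
    done
}

# Print the wiphy name (for example phy0) that backs an interface.
iface_phy() {
    cat "$SYSFS_NET/$1/phy80211/name" 2>/dev/null || true
}

# Classify the output of `iw phy <phy> wowlan show`, read from stdin.
wowlan_state() {
    out=$(cat)
    case "$out" in
        *"WoWLAN is disabled"*) echo disabled ;;
        *"WoWLAN is enabled"*)  echo enabled ;;
        *)                      echo unknown ;;  # iw missing or query failed
    esac
}

# One line per brcmfmac interface; returns 1 unless every one is "disabled",
# so an unknown state fails closed.
audit() {
    rc=0
    for ifc in $(brcmfmac_ifaces); do
        phy=$(iface_phy "$ifc")
        state=$(iw phy "$phy" wowlan show 2>/dev/null | wowlan_state)
        echo "$ifc $phy wowlan=$state"
        if [ "$state" != "disabled" ]; then rc=1; fi
    done
    return $rc
}

# Run the audit only when asked, so the file can also be sourced.
if [ "${1:-}" = "--audit" ]; then audit; fi
```

Where the audit reports `enabled`, `iw phy <phy> wowlan disable` clears the configured triggers on that wiphy.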
Exploit
DoS
Memory Corruption
Heap Based Buffer Overflow
Related Identifiers
Affected Products
Alt Linux
Centos
Red Hat
Suse
Ubuntu
Brcmfmac Wifi Driver