PT-2019-5254 · Broadcom+4 · Brcmfmac Wifi Driver+4

Hugues Anguelkov · Published 2019-02-19 · Updated 2022-04-18 · CVE-2019-9503

CVSS v3.1: 8.3 (High)

Vector: AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

brcmfmac WiFi driver versions prior to commit a4176ec356c73a46c07c181c6d04039fafa34a9f

Description

The issue is related to insufficient input validation in the is_wlc_event_frame function of the Broadcom brcmfmac WiFi driver. This can be exploited by a remote, unauthenticated attacker to bypass frame validation, potentially allowing the execution of arbitrary code on a vulnerable system or resulting in denial-of-service conditions. The vulnerability can be triggered by sending specially crafted WiFi packets.

Recommendations

For versions prior to commit a4176ec356c73a46c07c181c6d04039fafa34a9f, consider updating to a version that includes that commit or later to resolve the issue. As a temporary workaround, consider restricting the use of USB WiFi dongles to minimize the risk of exploitation.

Fix

DoS

RCE

Weakness Enumeration

Related Identifiers

BDU:2020-02045
CESA-2019_2703
CESA-2019_2741
CESA-2020_1016
CVE-2019-9503
DLA-1799-1
DLA-1799-2
DLA-1824-1
DSA-4465-1
OPENSUSE-SU-2019:1404-1
OPENSUSE-SU-2019:1479-1
OPENSUSE-SU-2019_1404-1
OPENSUSE-SU-2019_1407-1
OPENSUSE-SU-2019_1479-1
RHSA-2019:2703
RHSA-2019:2741
RHSA-2019_2703
RHSA-2019_2741
RHSA-2020:1016
RHSA-2020:1070
RHSA-2020:2522
RHSA-2020_1016
RHSA-2020_1070
SUSE-SU-2019:1240-1
SUSE-SU-2019:1241-1
SUSE-SU-2019:1242-1
SUSE-SU-2019:1244-1
SUSE-SU-2019:1245-1
SUSE-SU-2019:1287-1
SUSE-SU-2019:1289-1
SUSE-SU-2019:1550-1
SUSE-SU-2019:2430-1
USN-3979-1
USN-3980-1
USN-3980-2
USN-3981-1
USN-3981-2
USN-4076-1
USN-4095-1

Affected Products

CentOS
Red Hat
SUSE
Ubuntu
Brcmfmac Wifi Driver