PT-2025-43116 · Broadcom+2 · Bcm4387+2

Published: 2023-02-27 · Updated: 2026-02-06 · CVE-2023-53715

CVSS v2.0: 6.0 (Medium)

Vector: AV:L/AC:H/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)

Description

The Linux kernel contains an issue in the brcmfmac component's cfg80211 handling. The driver passed the Pre-Shared Key (PMK) to the device in hexadecimal format, which newer chips or firmware, such as the BCM4387, do not support. The fix transmits the PMK in binary format instead. In addition, the structure used for setting the PMK was not properly cleared, which could leak uninitialized stack contents to the device.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Access of Uninitialized Pointer

RCE

Weakness Enumeration

Related Identifiers

BDU:2026-01266
CVE-2023-53715
OESA-2026-1306
SUSE-SU-2025:4111-1
SUSE-SU-2025:4139-1
SUSE-SU-2025:4149-1
SUSE-SU-2025:4189-1
SUSE-SU-2025:4320-1

Affected Products

Bcm4387
Linux Kernel
Suse