Nov 03, 2023 - 9:15 p.m.

CVE-2023-47233

2023-11-03 21:15:17
CWE-416
web.nvd.nist.gov
cve-2023-47233
linux kernel
brcm80211
use-after-free
vulnerability
nvd
security
exploit

CVSS3: 4.3 Medium

Attack Vector: PHYSICAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH

CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score: 4.5 Medium (Confidence: High)

EPSS: 0.0004 Low (Percentile: 5.1%)

The brcm80211 component in the Linux kernel through 6.5.10 has a brcmf_cfg80211_detach use-after-free in the device unplugging (disconnect the USB by hotplug) code. For physically proximate attackers with local access, this “could be exploited in a real world scenario.” This is related to brcmf_cfg80211_escan_timeout_worker in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c.

Affected configurations

NVD
Node: linux / linux_kernel, Range: 6.5.10
