Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve416baaa9-dc9f-4396-8d5f-8c081fb06d67CVE-2024-35811
HistoryMay 17, 2024 - 2:15 p.m.

CVE-2024-35811

2024-05-1714:15:15
416baaa9-dc9f-4396-8d5f-8c081fb06d67
web.nvd.nist.gov
36
linux kernel
wifi
vulnerability
brcmfmac
use-after-free
brcm80211 driver
hotplug
fix
timeout worker
usb disconnect
cleanup
kfree
bug

6.1 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

13.1%

JSON

In the Linux kernel, the following vulnerability has been resolved:

wifi: brcmfmac: Fix use-after-free bug in brcmf_cfg80211_detach

This is the candidate patch of CVE-2023-47233 :
https://nvd.nist.gov/vuln/detail/CVE-2023-47233

In brcm80211 driver,it starts with the following invoking chain
to start init a timeout worker:

->brcmf_usb_probe
->brcmf_usb_probe_cb
->brcmf_attach
->brcmf_bus_started
->brcmf_cfg80211_attach
->wl_init_priv
->brcmf_init_escan
->INIT_WORK(&cfg->escan_timeout_work,
brcmf_cfg80211_escan_timeout_worker);

If we disconnect the USB by hotplug, it will call
brcmf_usb_disconnect to make cleanup. The invoking chain is :

brcmf_usb_disconnect
->brcmf_usb_disconnect_cb
->brcmf_detach
->brcmf_cfg80211_detach
->kfree(cfg);

While the timeout woker may still be running. This will cause
a use-after-free bug on cfg in brcmf_cfg80211_escan_timeout_worker.

Fix it by deleting the timer and canceling the worker in
brcmf_cfg80211_detach.

[[email protected]: keep timer delete as is and cancel work just before free]

Affected configurations

Vulners
Node
linuxlinux_kernelRange3.74.19.312
OR
linuxlinux_kernelRange4.20.05.4.274
OR
linuxlinux_kernelRange5.5.05.10.215
OR
linuxlinux_kernelRange5.11.05.15.154
OR
linuxlinux_kernelRange5.16.06.1.84
OR
linuxlinux_kernelRange6.2.06.6.24
OR
linuxlinux_kernelRange6.7.06.7.12
OR
linuxlinux_kernelRange6.8.06.8.3
OR
linuxlinux_kernelRange6.9.0
VendorProductVersionCPE
linuxlinux_kernel*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
linuxlinux_kernel*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
linuxlinux_kernel*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
linuxlinux_kernel*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
linuxlinux_kernel*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
linuxlinux_kernel*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
linuxlinux_kernel*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
linuxlinux_kernel*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
linuxlinux_kernel*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

CNA Affected

[
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "unaffected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c"
    ],
    "versions": [
      {
        "version": "e756af5b30b0",
        "lessThan": "202c50393504",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "e756af5b30b0",
        "lessThan": "8e3f03f4ef7c",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "e756af5b30b0",
        "lessThan": "bacb8c3ab86d",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "e756af5b30b0",
        "lessThan": "8c36205123dc",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "e756af5b30b0",
        "lessThan": "0b812f706fd7",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "e756af5b30b0",
        "lessThan": "190794848e2b",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "e756af5b30b0",
        "lessThan": "6678a1e7d896",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "e756af5b30b0",
        "lessThan": "0a7591e14a8d",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "e756af5b30b0",
        "lessThan": "0f7352557a35",
        "status": "affected",
        "versionType": "git"
      }
    ]
  },
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "affected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c"
    ],
    "versions": [
      {
        "version": "3.7",
        "status": "affected"
      },
      {
        "version": "0",
        "lessThan": "3.7",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "4.19.312",
        "lessThanOrEqual": "4.19.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "5.4.274",
        "lessThanOrEqual": "5.4.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "5.10.215",
        "lessThanOrEqual": "5.10.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "5.15.154",
        "lessThanOrEqual": "5.15.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.1.84",
        "lessThanOrEqual": "6.1.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.6.24",
        "lessThanOrEqual": "6.6.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.7.12",
        "lessThanOrEqual": "6.7.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.8.3",
        "lessThanOrEqual": "6.8.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.9",
        "lessThanOrEqual": "*",
        "status": "unaffected",
        "versionType": "original_commit_for_fix"
      }
    ]
  }
]

Related

redhatcve 2
nvd 2
debiancve 2
ubuntucve 2
cvelist 2
cve 1
cbl_mariner 1
prion 1
ubuntu 15
nessus 41
osv 24
openvas 32
mageia 2
debian 2
redhatcve
redhatcve
CVE-2024-35811
2024-05-18 00:11:01
CVE-2023-47233
2023-11-07 02:32:36
nvd
nvd
CVE-2024-35811
2024-05-17 14:15:15
CVE-2023-47233
2023-11-03 21:15:17
debiancve
debiancve
CVE-2024-35811
2024-05-17 14:15:15
CVE-2023-47233
2023-11-03 21:15:17
ubuntucve
ubuntucve
CVE-2024-35811
2024-05-17 00:00:00
CVE-2023-47233
2023-11-03 00:00:00
cvelist
cvelist
CVE-2024-35811 wifi: brcmfmac: Fix use-after-free bug in brcmf_cfg80211_detach
2024-05-17 13:23:17
CVE-2023-47233
2023-11-03 00:00:00
cve
cve
CVE-2023-47233
2023-11-03 21:15:17
cbl_mariner
cbl_mariner
CVE-2023-47233 affecting package kernel for versions less than 5.15.158.2-1
2024-06-12 22:23:00
prion
prion
Double free
2023-11-03 21:15:00
ubuntu
ubuntu
Linux kernel vulnerabilities
2024-05-16 00:00:00
Linux kernel vulnerabilities
2024-05-21 00:00:00
Linux kernel vulnerabilities
2024-05-16 00:00:00
nessus
nessus
Ubuntu 20.04 LTS / 22.04 LTS : Linux kernel vulnerabilities (USN-6775-1)
2024-05-16 00:00:00
Ubuntu 20.04 LTS / 22.04 LTS : Linux kernel vulnerabilities (USN-6775-2)
2024-05-21 00:00:00
Ubuntu 18.04 LTS / 20.04 LTS : Linux kernel vulnerabilities (USN-6776-1)
2024-05-16 00:00:00
osv
osv
linux, linux-azure, linux-azure-5.15, linux-azure-fde, linux-azure-fde-5.15, linux-gcp, linux-gcp-5.15, linux-gkeop, linux-gkeop-5.15, linux-hwe-5.15, linux-ibm, linux-ibm-5.15, linux-kvm, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-nvidia, linux-oracle, linux-raspi vulnerabilities
2024-05-16 15:39:35
linux-aws, linux-aws-5.15, linux-gke vulnerabilities
2024-05-21 22:39:36
linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-bluefield, linux-gcp, linux-gcp-5.4, linux-gkeop, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-iot, linux-kvm, linux-oracle, linux-oracle-5.4, linux-raspi, linux-raspi-5.4, linux-xilinx-zynqmp vulnerabilities
2024-05-16 16:47:34
openvas
openvas
Ubuntu: Security Advisory (USN-6775-1)
2024-05-17 00:00:00
Ubuntu: Security Advisory (USN-6775-2)
2024-05-22 00:00:00
Ubuntu: Security Advisory (USN-6776-1)
2024-05-17 00:00:00
mageia
mageia
Updated kernel-linus packages fix security vulnerabilities
2024-04-23 04:20:56
Updated kernel, kmod-xtables-addons, kmod-virtualbox packages fix security vulnerabilities
2024-04-23 04:20:56
debian
debian
[SECURITY] [DSA 5658-1] linux security update
2024-04-13 06:38:27
[SECURITY] [DSA 5681-1] linux security update
2024-05-06 18:31:39

6.1 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

13.1%

JSON
Related for CVE-2024-35811
redhatcve2nvd2debiancve2ubuntucve2cvelist2cve1cbl_mariner1prion1ubuntu15nessus41osv24openvas32mageia2debian2