Lucene search

K
redhatcveRedhat.comRH:CVE-2023-47233
HistoryNov 07, 2023 - 2:32 a.m.

CVE-2023-47233

2023-11-0702:32:36
redhat.com
access.redhat.com
38
use-after-free
brcm80211
linux kernel
physical attacker
device disconnect
mitigation
blacklist
kernel module

CVSS3

4.3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score

4.1

Confidence

High

EPSS

0

Percentile

5.1%

A use-after-free issue was found in the brcm80211 component in the Linux kernel, which may be triggered by a physical attacker while disconnecting a device.

Mitigation

To mitigate this issue, prevent module brcmfmac from being loaded. Please see <https://access.redhat.com/solutions/41278&gt; for how to blacklist a kernel module to prevent it from loading automatically.

CVSS3

4.3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score

4.1

Confidence

High

EPSS

0

Percentile

5.1%