71 matches found
kernel: wifi: brcmfmac: validate bsscfg indices in IF events
A flaw was found in the Linux kernel's brcmfmac Wi-Fi driver. This vulnerability occurs because the driver fails to properly validate bsscfg indices in interface IF events. An attacker could exploit this by sending a specially crafted IF event with an invalid bsscfg index, which could lead to an...
CVE-2026-46180
A flaw was found in the Linux kernel. A use-after-free vulnerability exists in the brcmfmac Wi-Fi driver when stopping the watchdog task. This issue occurs because the watchdog task might terminate prematurely, leading to a use-after-free condition. This could allow a local attacker to cause a...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: Wifi: brcmfmac – Fix for crashes occurring when sending Action Frames in standalone AP Mode Currently, whenever an Action Frame needs to be transmitted, the brcmfmac driver always uses the P2P vif to send the “actframe” IOVAR to...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: Wifi: brcmfmac: Check the return value of ofpropertyreadstringindex. Between version 6.10 and 6.11, the driver began crashing on my MacBookPro14,3. The ofpropertyreadstringindex function does not exist, and the tmp variable...
Astra Linux – Vulnerability in Linux 5.10, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: Wifi: brcmfmac – Check the count value of the channel specification to prevent out-of-bounds reads This patch fixes out-of-bounds reads in brcmfconstructchaninfo and brcmfenablebw402g, which occur when the count value of the...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: Wifi: In brcmfmac, cfg80211: Handle PMKSA deletion based on the SSID. wpasupplicant 2.11 sends commands for PMKSA flush based on the SSID from version 1efdba5fdc2c statement: “Handle PMKSA flush in the driver for SAE/OWE offlo...
CVE-2026-43144
A flaw was found in the Linux kernel's brcmfmac Wi-Fi driver. When the probe of an SDIO Secure Digital Input/Output brcmfmac device fails, for example due to missing firmware, an invalid bus pointer can be set. This incorrect state can lead to a kernel oops, which is a type of system crash, when...
CVE-2026-43144 wifi: brcmfmac: Fix potential kernel oops when probe fails
In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: Fix potential kernel oops when probe fails When probe of the sdio brcmfmac device fails for some reasons i.e. missing firmware, the sdiodev-bus is set to error instead of NULL, thus the cleanup later in...
CVE-2026-43110 wifi: brcmfmac: validate bsscfg indices in IF events
In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: validate bsscfg indices in IF events brcmffwehhandleifevent validates the firmware-provided interface index before it touches drvr-iflist, but it still uses the raw bsscfgidx field as an array index without a...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the brcmfmac driver. When the detection fails, sdiodev-bus is set to an incorrect value instead o...
Unity Linux 20.1070a Security Update: kernel (UTSA-2026-012992)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-012992 advisory. In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: fix crash while sending Action Frames in standalone AP Mode Currently, whenever...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-004210)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004210 advisory. The Broadcom brcmfmac WiFi driver prior to commit a4176ec356c73a46c07c181c6d04039fafa34a9f is vulnerable to a frame validation bypass. If the brcmfmac driver receive...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001615)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001615 advisory. The brcmfcfg80211mgmttx function in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux kernel before 4.12.3 allows local users to cause a denia...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003926)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003926 advisory. The Broadcom brcmfmac WiFi driver prior to commit a4176ec356c73a46c07c181c6d04039fafa34a9f is vulnerable to a frame validation bypass. If the brcmfmac driver receive...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003115)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003115 advisory. Stack-based buffer overflow in the brcmfcfg80211startap function in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux kernel before 4.7.5 allo...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-000233)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000233 advisory. The Broadcom brcmfmac WiFi driver prior to commit 1b5e2423164b3670e8bc9174e4762d297990deff is vulnerable to a heap buffer overflow. If the Wake-up on Wireless LAN...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2025-992467)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992467 advisory. In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: Fix potential stack-out-of-bounds in brcmfcpreinitdcmds This patch fixes a...
SUSE CVE-2025-40321
In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: fix crash while sending Action Frames in standalone AP Mode Currently, whenever there is a need to transmit an Action frame, the brcmfmac driver always uses the P2P vif to send the "actframe" IOVAR to firmware. Th...
CVE-2025-40321
In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: fix crash while sending Action Frames in standalone AP Mode Currently, whenever there is a need to transmit an Action frame, the brcmfmac driver always uses the P2P vif to send the "actframe" IOVAR to firmware. Th...
CVE-2025-40321
In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: fix crash while sending Action Frames in standalone AP Mode Currently, whenever there is a need to transmit an Action frame, the brcmfmac driver always uses the P2P vif to send the "actframe" IOVAR to firmware. Th...