CVE-2018-19860

Broadcom firmware before summer 2014 on Nexus 5 BCM4335C0 2012-12-11, Raspberry Pi 3 BCM43438A1 2014-06-02, and unspecifed other devices does not properly restrict LMP commnds and executes certain memory contents upon receiving an LMP command, as demonstrated by executing an HCI command...

📄 Broadcom Wi-Fi Firmware Out-Of-Bounds Write

Broadcom Wi-Fi firmware remote code execution exploit via an out-of-bounds write in the RRM Neighbor Report Handler. ============================================================================================================================================= | Title : Broadcom 802.11k Remote Code...

EUVD-2018-11534

Malware in sbrugna...

kernel: wifi: brcmfmac: Fix potential stack-out-of-bounds in brcmf_c_preinit_dcmds()

In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: Fix potential stack-out-of-bounds in brcmfcpreinitdcmds This patch fixes a stack-out-of-bounds read in brcmfmac that occurs when 'buf' that is not null-terminated is passed as an argument of strsep in...

SUSE: Security Advisory (SUSE-SU-2021:4201-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

OPENSUSE-SU-2021:1648-1 Security update for kernel-firmware

This update for kernel-firmware fixes the following issues: - CVE-2019-15126: Updated Broadcom firmware to fix Kr00k bug bsc1167162. This update was imported from the SUSE:SLE-15-SP1:Update update project...

SUSE-SU-2021:4201-1 Security update for kernel-firmware

This update for kernel-firmware fixes the following issues: - CVE-2019-15126: Updated Broadcom firmware to fix Kr00k bug bsc1167162...

CVE-2018-19860

Broadcom firmware before summer 2014 on Nexus 5 BCM4335C0 2012-12-11, Raspberry Pi 3 BCM43438A1 2014-06-02, and unspecifed other devices does not properly restrict LMP commnds and executes certain memory contents upon receiving an LMP command, as demonstrated by executing an HCI command...

Command injection

Broadcom firmware before summer 2014 on Nexus 5 BCM4335C0 2012-12-11, Raspberry Pi 3 BCM43438A1 2014-06-02, and unspecifed other devices does not properly restrict LMP commnds and executes certain memory contents upon receiving an LMP command, as demonstrated by executing an HCI command...

MGASA-2017-0472 Updated nonfree firmwares fixes security issues and adds new hw support

Updated nonfree firmwares fixes at least the following security issues: Broadcom firmware fixes: - dropping BRCM proprietary packets received over the air CVE-2016-0801 - adding length checks for TDLS action frames CVE-2017-0561 - adding length checks for WME IE CVE-2017-9417 Iwlwifi firmware...

Stack overflow

Wi-Fi in Apple iOS before 10.3.1 does not prevent CVE-2017-6956 stack buffer overflow exploitation via a crafted access point. NOTE: because an operating system could potentially isolate itself from CVE-2017-6956 exploitation without patching Broadcom firmware functions, there is a separate CVE I...

CVE-2017-6975

Wi-Fi in Apple iOS before 10.3.1 does not prevent CVE-2017-6956 stack buffer overflow exploitation via a crafted access point. NOTE: because an operating system could potentially isolate itself from CVE-2017-6956 exploitation without patching Broadcom firmware functions, there is a separate CVE I...

CVE-2017-6957

Stack-based buffer overflow in the firmware in Broadcom Wi-Fi HardMAC SoC chips, when the firmware supports CCKM Fast and Secure Roaming and the feature is enabled in RAM, allows remote attackers to execute arbitrary code via a crafted reassociation response frame with a Cisco IE 156...