53 matches found
kernel: wifi: brcmfmac: validate bsscfg indices in IF events
A flaw was found in the Linux kernel's brcmfmac Wi-Fi driver. This vulnerability occurs because the driver fails to properly validate bsscfg indices in interface IF events. An attacker could exploit this by sending a specially crafted IF event with an invalid bsscfg index, which could lead to an...
Linux kernel security vulnerability
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the b43_rx function in the b43 driver. This function fails to perform forced boundary checks on th...
ROS-20260119-7347
A vulnerability in the brcmf_tx_finalize function of the drivers/net/wireless/broadcom/brcm80211/brcmfmac/core.c component of the Linux operating system kernel is related to pointer dereferencing errors. Exploitation of the vulnerability could allow an attacker to cause a denial of service...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-000910)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000910 advisory. An elevation of privilege vulnerability in the Broadcom wi-fi driver. Product: Android. Versions: Android kernel. Android ID: A-37351060. References: B-V2017060101...
Unity Linux 20.1060a Security Update: kernel (UTSA-2026-004377)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004377 advisory. The brcm80211 component in the Linux kernel through 6.5.10 has a brcmf_cfg80211_detach use-after-free in the device unplugging (disconnect the USB by hotplug) code. For...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002476)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002476 advisory. Format string vulnerability in the b43_request_firmware function in drivers/net/wireless/b43/main.c in the Broadcom B43 wireless driver in the Linux kernel through 3.9...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-002008)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002008 advisory. Format string vulnerability in the b43_request_firmware function in drivers/net/wireless/b43/main.c in the Broadcom B43 wireless driver in the Linux kernel through 3.9...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-003330)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003330 advisory. Stack-based buffer overflow in the brcmf_cfg80211_start_ap function in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux kernel before 4.7.5 allo...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an invalid address access in brcmfmac, which could cause the kernel to crash...
EUVD-2017-4678
Malware in sbrugna...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-414387)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-414387 advisory. A buffer overflow flaw was found in the Linux kernel Broadcom Full MAC Wi-Fi driver. This issue occurs when a user connects to a malicious USB device. This can allow...
UBUNTU-CVE-2023-53582
In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: ensure CLM version is null-terminated to prevent stack-out-of-bounds Fix a stack-out-of-bounds read in brcmfmac that occurs when 'buf' that is not null-terminated is passed as an argument of strreplace in...
UBUNTU-CVE-2025-21744
In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: fix NULL pointer dereference in brcmf_tx_finalize On removal of the device or unloading of the kernel module a potential NULL pointer dereference occurs. The following sequence deletes the interface: brcmf_detach...
USN-6817-2 linux-oem-6.8 vulnerabilities
Ziming Zhang discovered that the DRM driver for VMware Virtual GPU did not properly handle certain error conditions, leading to a NULL pointer dereference. A local attacker could possibly trigger this vulnerability to cause a denial of service. CVE-2022-38096 Zheng Wang discovered that the Broadc...
USN-6775-2 linux-aws, linux-aws-5.15, linux-gke vulnerabilities
Zheng Wang discovered that the Broadcom FullMAC WLAN driver in the Linux kernel contained a race condition during device removal, leading to a use-after-free vulnerability. A physically proximate attacker could possibly use this to cause a denial of service (system crash). CVE-2023-47233 Several...
DEBIAN-CVE-2023-47233
The brcm80211 component in the Linux kernel through 6.5.10 has a brcmf_cfg80211_detach use-after-free in the device unplugging (disconnect the USB by hotplug) code. For physically proximate attackers with local access, this "could be exploited in a real world scenario." This is related to...
kernel: wifi: brcmfmac: fix invalid address access when enabling SCAN log level
A NULL pointer dereference vulnerability was found in the Broadcom brcmfmac wireless driver in the Linux kernel. When the SCAN debug log level is enabled, a loop variable 'i' is incorrectly modified when setting random MAC addresses. This causes an invalid memory access when attempting to print...
kernel: wifi: brcmfmac: fix invalid address access when enabling SCAN log level
A NULL pointer dereference vulnerability was found in the Broadcom brcmfmac wireless driver in the Linux kernel. When the SCAN debug log level is enabled, a loop variable 'i' is incorrectly modified when setting random MAC addresses. This causes an invalid memory access when attempting to print...
SUSE CVE-2023-1380
A slab-out-of-bound read problem was found in brcmf_get_assoc_ies in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux Kernel. This issue could occur when assoc_info->req_len data is bigger than the size of the buffer, defined as WL_EXTRA_BUF_MAX, leading to a denial of service...
USN-5919-1 linux-aws-hwe, linux-oracle vulnerabilities
It was discovered that the Upper Level Protocol (ULP) subsystem in the Linux kernel did not properly handle sockets entering the LISTEN state in certain protocols, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execut...