22 matches found
undici: undici: Denial of Service due to unbounded memory growth via WebSocket frames
A flaw was found in undici. A malicious WebSocket server can exploit this by streaming numerous small or empty continuation frames. This can bypass per-frame and cumulative-size validation, leading to unbounded memory growth in the client process. The primary consequence is memory exhaustion,...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003926)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003926 advisory. The Broadcom brcmfmac WiFi driver prior to commit a4176ec356c73a46c07c181c6d04039fafa34a9f is vulnerable to a frame validation bypass. If the brcmfmac driver receive...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-004210)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004210 advisory. The Broadcom brcmfmac WiFi driver prior to commit a4176ec356c73a46c07c181c6d04039fafa34a9f is vulnerable to a frame validation bypass. If the brcmfmac driver receive...
EUVD-2019-18877
Malware in sbrugna...
K50081147: Linux kernel vulnerabilities CVE-2019-9500, CVE-2019-9503
Security Advisory Description CVE-2019-9500 The Broadcom brcmfmac WiFi driver prior to commit 1b5e2423164b3670e8bc9174e4762d297990deff is vulnerable to a heap buffer overflow. If the Wake-up on Wireless LAN functionality is configured, a malicious event frame can be constructed to trigger an heap...
SUSE CVE-2019-9503
The Broadcom brcmfmac WiFi driver prior to commit a4176ec356c73a46c07c181c6d04039fafa34a9f is vulnerable to a frame validation bypass. If the brcmfmac driver receives a firmware event frame from a remote source, the iswlceventframe function will cause this frame to be discarded and unprocessed. I...
SUSE: Security Advisory (SUSE-SU-2019:1241-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CentOS 8 : kernel (CESA-2019:2703)
The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2019:2703 advisory. - kernel: Use-after-free in sound/usb/card.c:usbaudioprobe CVE-2018-19824 - kernel: Count overflow in FUSE request leading to use-after-free issues...
kernel: brcmfmac frame validation bypass
If the brcmfmac driver receives a firmware event frame from a remote source, the iswlceventframe function will cause this frame to be discarded and not be processed. If the driver receives the firmware event frame from the host, the appropriate handler is called. This frame validation can be...
Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2020-5715)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-5715 advisory. - x86/speculation: Add SRBDS vulnerability and mitigation documentation Mark Gross Orabug: 31422209 CVE-2020-0543 - x86/speculation: Add Special Regist...
Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2020-5670)
The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-5670 advisory. - brcmfmac: add subtype check for event handling in data path John Donnelly Orabug: 30776354 CVE-2019-9503 - mwifiex: pcie: Fix memory leak in...
Scientific Linux Security Update : kernel on SL7.x x86_64 (20200407)
kernel: out of bound read in DVB connexant driver. kernel: Missing permissions check for requestkey destination allows local attackers to add keys to keyring without Write permission kernel: denial of service via ioctl call in network tun handling kernel: usb: missing size check in the...
CentOS 7 : kernel (RHSA-2020:1016)
The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1016 advisory. - In the Linux kernel before 4.1.4, a buffer overflow occurs when checking userspace params in drivers/media/dvb-frontends/cx24116.c. The maximum size...
kernel: brcmfmac frame validation bypass
If the brcmfmac driver receives a firmware event frame from a remote source, the iswlceventframe function will cause this frame to be discarded and not be processed. If the driver receives the firmware event frame from the host, the appropriate handler is called. This frame validation can be...
CVE-2019-9503
The Broadcom brcmfmac WiFi driver prior to commit a4176ec356c73a46c07c181c6d04039fafa34a9f is vulnerable to a frame validation bypass. If the brcmfmac driver receives a firmware event frame from a remote source, the iswlceventframe function will cause this frame to be discarded and unprocessed. I...
CVE-2019-9503
The Broadcom brcmfmac WiFi driver prior to commit a4176ec356c73a46c07c181c6d04039fafa34a9f is vulnerable to a frame validation bypass. If the brcmfmac driver receives a firmware event frame from a remote source, the iswlceventframe function will cause this frame to be discarded and unprocessed. I...
DEBIAN-CVE-2019-9503
The Broadcom brcmfmac WiFi driver prior to commit a4176ec356c73a46c07c181c6d04039fafa34a9f is vulnerable to a frame validation bypass. If the brcmfmac driver receives a firmware event frame from a remote source, the iswlceventframe function will cause this frame to be discarded and unprocessed. I...
Input validation
The Broadcom brcmfmac WiFi driver prior to commit a4176ec356c73a46c07c181c6d04039fafa34a9f is vulnerable to a frame validation bypass. If the brcmfmac driver receives a firmware event frame from a remote source, the iswlceventframe function will cause this frame to be discarded and unprocessed. I...
CVE-2019-9503
CVE-2019-9503 affects the Broadcom brcmfmac WiFi driver: prior to commit a4176ec356c73a46c07c181c6d04039fafa34a9f, the driver is vulnerable to a frame validation bypass. If a firmware event frame is received from a remote source, is_wlc_event_frame may discard or bypass handling, potentially allo...
CVE-2019-9503
The Broadcom brcmfmac WiFi driver prior to commit a4176ec356c73a46c07c181c6d04039fafa34a9f is vulnerable to a frame validation bypass. If the brcmfmac driver receives a firmware event frame from a remote source, the iswlceventframe function will cause this frame to be discarded and unprocessed. I...