8.3 High
CVSS3
Attack Vector
ADJACENT_NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
7.9 High
CVSS2
Access Vector
ADJACENT_NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:A/AC:M/Au:N/C:C/I:C/A:C
0.002 Low
EPSS
Percentile
54.2%
The Broadcom brcmfmac WiFi driver prior to commit
a4176ec356c73a46c07c181c6d04039fafa34a9f is vulnerable to a frame
validation bypass. If the brcmfmac driver receives a firmware event frame
from a remote source, the is_wlc_event_frame function will cause this frame
to be discarded and unprocessed. If the driver receives the firmware event
frame from the host, the appropriate handler is called. This frame
validation can be bypassed if the bus used is USB (for instance by a wifi
dongle). This can allow firmware event frames from a remote source to be
processed. In the worst case scenario, by sending specially-crafted WiFi
packets, a remote, unauthenticated attacker may be able to execute
arbitrary code on a vulnerable system. More typically, this vulnerability
will result in denial-of-service conditions.
Author | Note |
---|---|
mdeslaur | this was originally called CVE-2019-8564 by mistake |
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | linux | < 4.15.0-50.54 | UNKNOWN |
ubuntu | 18.10 | noarch | linux | < 4.18.0-20.21 | UNKNOWN |
ubuntu | 19.04 | noarch | linux | < 5.0.0-15.16 | UNKNOWN |
ubuntu | 16.04 | noarch | linux | < 4.4.0-157.185 | UNKNOWN |
ubuntu | 18.04 | noarch | linux-aws | < 4.15.0-1039.41 | UNKNOWN |
ubuntu | 18.10 | noarch | linux-aws | < 4.18.0-1016.18 | UNKNOWN |
ubuntu | 19.04 | noarch | linux-aws | < 5.0.0-1006.6 | UNKNOWN |
ubuntu | 16.04 | noarch | linux-aws | < 4.4.0-1090.101 | UNKNOWN |
ubuntu | 16.04 | noarch | linux-aws-hwe | < 4.15.0-1039.41~16.04.1 | UNKNOWN |
ubuntu | 18.04 | noarch | linux-azure | < 4.18.0-1018.18~18.04.1 | UNKNOWN |
blog.quarkslab.com/reverse-engineering-broadcom-wireless-chipsets.html
launchpad.net/bugs/cve/CVE-2019-9503
nvd.nist.gov/vuln/detail/CVE-2019-9503
security-tracker.debian.org/tracker/CVE-2019-9503
ubuntu.com/security/notices/USN-3979-1
ubuntu.com/security/notices/USN-3980-1
ubuntu.com/security/notices/USN-3980-2
ubuntu.com/security/notices/USN-3981-1
ubuntu.com/security/notices/USN-3981-2
ubuntu.com/security/notices/USN-4076-1
ubuntu.com/security/notices/USN-4095-1
www.cve.org/CVERecord?id=CVE-2019-9503
8.3 High
CVSS3
Attack Vector
ADJACENT_NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
7.9 High
CVSS2
Access Vector
ADJACENT_NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:A/AC:M/Au:N/C:C/I:C/A:C
0.002 Low
EPSS
Percentile
54.2%