Ubuntu.com (ubuntucve) UB:CVE-2023-47233
History: Nov 03, 2023 - 12:00 a.m.

CVE-2023-47233

2023-11-03 00:00:00
ubuntu.com
linux kernel vulnerability
brcm80211 component
use-after-free
usb hotplug
physically proximate attackers

CVSS3: 4.3 Medium

Attack Vector: PHYSICAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH

CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score: 6.6 Medium (Confidence: Low)

EPSS: 0.0004 Low (Percentile: 5.1%)

The brcm80211 component in the Linux kernel through 6.5.10 has a
brcmf_cfg80211_detach use-after-free in the device unplugging (disconnect
the USB by hotplug) code. For physically proximate attackers with local
access, this “could be exploited in a real world scenario.” This is related
to brcmf_cfg80211_escan_timeout_worker in
drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c.

Bugs

Notes

Author Note
Priority reason: Requires driver or device to be removed or unbound, which requires either privilege or physical access
OS      OS Version  Architecture  Package    Package Version     Filename
ubuntu  18.04       noarch        linux      < 4.15.0-225.237    UNKNOWN
ubuntu  20.04       noarch        linux      < 5.4.0-182.202     UNKNOWN
ubuntu  22.04       noarch        linux      < 5.15.0-107.117    UNKNOWN
ubuntu  23.10       noarch        linux      < 6.5.0-35.35       UNKNOWN
ubuntu  24.04       noarch        linux      < 6.8.0-35.35       UNKNOWN
ubuntu  16.04       noarch        linux      < 4.4.0-254.288     UNKNOWN
ubuntu  18.04       noarch        linux-aws  < 4.15.0-1168.181   UNKNOWN
ubuntu  20.04       noarch        linux-aws  < 5.4.0-1125.135    UNKNOWN
ubuntu  22.04       noarch        linux-aws  < 5.15.0-1062.68    UNKNOWN
ubuntu  23.10       noarch        linux-aws  < 6.5.0-1020.20     UNKNOWN

Rows 1-10 of 941 shown.
