Vulnerability CVE-2019-9500: Information

Description

The Broadcom brcmfmac WiFi driver prior to commit 1b5e2423164b3670e8bc9174e4762d297990deff is vulnerable to a heap buffer overflow. If the Wake-up on Wireless LAN functionality is configured, a malicious event frame can be constructed to trigger an heap buffer overflow in the brcmf_wowl_nd_results function. This vulnerability can be exploited with compromised chipsets to compromise the host, or when used in combination with CVE-2019-9503, can be used remotely. In the worst case scenario, by sending specially-crafted WiFi packets, a remote, unauthenticated attacker may be able to execute arbitrary code on a vulnerable system. More typically, this vulnerability will result in denial-of-service conditions.

Severity: HIGH (8.3) Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2019-9500

Published: Jan. 17, 2020

Modified: Jan. 19, 2023

Error type identifier: CWE-787

Fixed packages

Package name	Branch	Fixed in version	Version from repository	Errata ID	Task #	State
kernel-image-mp	sisyphus	5.1.4-alt1	6.8.8-alt1	ALT-PU-2019-1893-1	229843	Fixed
kernel-image-mp	p10	5.1.4-alt1	6.1.19-alt1	ALT-PU-2019-1893-1	229843	Fixed
kernel-image-mp	p9	5.1.4-alt1	5.12.16-alt1	ALT-PU-2019-1896-1	229885	Fixed
kernel-image-mp	c9f2	5.1.4-alt1	5.7.16-alt1	ALT-PU-2019-1896-1	229885	Fixed
kernel-image-std-def	sisyphus	4.19.49-alt1	6.1.91-alt1	ALT-PU-2019-2050-1	231771	Fixed
kernel-image-std-def	p10	4.19.49-alt1	5.10.216-alt1	ALT-PU-2019-2050-1	231771	Fixed
kernel-image-std-def	p9	4.19.49-alt1	5.4.275-alt1	ALT-PU-2019-2063-1	231772	Fixed
kernel-image-std-def	p8	4.9.181-alt0.M80P.1	4.9.337-alt0.M80P.1	ALT-PU-2019-2086-1	232429	Fixed
kernel-image-std-def	c9f2	4.19.49-alt1	5.10.214-alt0.c9f.2	ALT-PU-2019-2063-1	231772	Fixed
kernel-image-un-def	sisyphus	5.0.21-alt2	6.6.31-alt1	ALT-PU-2019-2076-1	232426	Fixed
kernel-image-un-def	p10	5.0.21-alt2	6.1.85-alt1	ALT-PU-2019-2076-1	232426	Fixed
kernel-image-un-def	p9	5.0.21-alt2	5.10.216-alt2	ALT-PU-2019-2077-1	232427	Fixed
kernel-image-un-def	p8	4.19.51-alt0.M80P.1	4.19.310-alt0.M80P.1	ALT-PU-2019-2084-1	232449	Fixed
kernel-image-un-def	c10f1	5.0.21-alt2	6.1.85-alt0.c10f.1	ALT-PU-2019-2076-1	232426	Fixed
kernel-image-un-def	c9f2	5.0.21-alt2	5.10.29-alt2	ALT-PU-2019-2077-1	232427	Fixed
kernel-image-un-def	c7	4.9.277-alt0.M70C.1	4.9.277-alt0.M70C.1	ALT-PU-2021-3032-1	281292	Fixed

References to Advisories, Solutions, and Tools

Hyperlink	Resource
https://kb.cert.org/vuls/id/166939/	Third Party Advisory US Government Resource
https://git.kernel.org/linus/1b5e2423164b3670e8bc9174e4762d297990deff	Patch Third Party Advisory
https://blog.quarkslab.com/reverse-engineering-broadcom-wireless-chipsets.html	Exploit Third Party Advisory

Affected configurations:
1. Configuration 1
  cpe:2.3:a:broadcom:brcmfmac_driver:-:*:*:*:*:*:*:*
  
  Configuration 2
  cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
  Start including
  4.5
  End excliding
  4.9.181
  cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
  Start including
  4.10
  End excliding
  4.14.123
  cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
  Start including
  4.15
  End excliding
  4.19.47
  cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
  Start including
  4.20
  End excliding
  5.0.20

Version: v24.5.1

Vulnerability CVE-2019-9500: Information

Description

Fixed packages

References to Advisories, Solutions, and Tools

Configuration 1

Configuration 2