CVE-2019-9500

CVSS v3.1 8.3 (High)
CVSS v2.0 7.9 (High)
EPSS 0.68 % (80th)
Affected Products 2
Advisories 44

The Broadcom brcmfmac WiFi driver prior to commit 1b5e2423164b3670e8bc9174e4762d297990deff is vulnerable to a heap buffer overflow. If the Wake-up on Wireless LAN functionality is configured, a malicious event frame can be constructed to trigger a heap buffer overflow in the brcmf_wowl_nd_results function. This vulnerability can be exploited with compromised chipsets to compromise the host, or, when used in combination with CVE-2019-9503, can be exploited remotely. In the worst-case scenario, by sending specially crafted WiFi packets, a remote, unauthenticated attacker may be able to execute arbitrary code on a vulnerable system. More typically, this vulnerability will result in denial-of-service conditions.

Weaknesses
CWE-122
Heap-based Buffer Overflow
CWE-787
Out-of-bounds Write
Related CVEs
CVE Status
PUBLISHED
CNA
CERT/CC
Published Date
2020-01-16 21:15:12
(4 years ago)
Updated Date
2023-01-19 15:53:59
(20 months ago)

Affected Products

Configuration #1

    Product                   CPE23                                 From  Up To
    Broadcom Brcmfmac Driver  cpe:2.3:a:broadcom:brcmfmac_driver:-

Configuration #2

    Product       CPE23                         From     Up To
    Linux Kernel  cpe:2.3:o:linux:linux_kernel  >= 4.5   < 4.9.181
    Linux Kernel  cpe:2.3:o:linux:linux_kernel  >= 4.10  < 4.14.123
    Linux Kernel  cpe:2.3:o:linux:linux_kernel  >= 4.15  < 4.19.47
    Linux Kernel  cpe:2.3:o:linux:linux_kernel  >= 4.20  < 5.0.20