Bug 1701224 (CVE-2019-9500)
Summary: | CVE-2019-9500 kernel: brcmfmac heap buffer overflow in brcmf_wowl_nd_results | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | msiddiqu |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | high | Docs Contact: | |
Priority: | high | ||
Version: | unspecified | CC: | acaringi, airlied, apmukher, asavkov, bhu, blc, brdeoliv, bskeggs, dhoward, dvlasenk, esammons, fhrbata, hdegoede, hkrzesin, iboverma, ichavero, itamar, jarodwilson, jeremy, jforbes, jglisse, jkacur, joe.lawrence, john.j5live, jonathan, josef, jpoimboe, jross, jstancek, jwboyer, kernel-maint, kernel-mgr, labbott, lgoncalv, linville, matt, mchehab, mcressma, mjg59, mlangsdo, mmezynsk, nmurray, plougher, rhandlin, rt-maint, rvrbovsk, steved, williams |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | If docs needed, set a value | |
Doc Text: |
If the Wake-up on Wireless LAN functionality is configured in the brcmfmac driver, which only works with Broadcom FullMAC chipsets, a malicious event frame can be constructed to trigger a heap buffer overflow in the brcmf_wowl_nd_results() function. This vulnerability can be exploited by compromised chipsets to compromise the host, or when used in combination with another brcmfmac driver flaw (CVE-2019-9503), can be used remotely. This can result in a remote denial of service (DoS). Due to the nature of the flaw, a remote privilege escalation cannot be fully ruled out.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2019-09-04 13:07:20 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1701225, 1704879, 1704880, 1704881, 1704882, 1705384, 1705385, 1705386, 1705388, 1705389, 1751256, 1758122, 1759584, 1759585 | ||
Bug Blocks: | 1701228 |
Description
msiddiqu
2019-04-18 12:21:41 UTC
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 1701225] kernel-5.0.9-200.fc29, kernel-headers-5.0.9-200.fc29, kernel-tools-5.0.9-200.fc29 has been pushed to the Fedora 29 stable repository. If problems still persist, please make note of it in this bug report. kernel-5.0.9-100.fc28, kernel-headers-5.0.9-100.fc28, kernel-tools-5.0.9-100.fc28 has been pushed to the Fedora 28 stable repository. If problems still persist, please make note of it in this bug report. This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2019:2600 https://access.redhat.com/errata/RHSA-2019:2600 This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2019:2609 https://access.redhat.com/errata/RHSA-2019:2609 This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2019-9500 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2019:2703 https://access.redhat.com/errata/RHSA-2019:2703 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2019:2741 https://access.redhat.com/errata/RHSA-2019:2741 This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2019:2945 https://access.redhat.com/errata/RHSA-2019:2945 This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2019:3217 https://access.redhat.com/errata/RHSA-2019:3217 This issue has been addressed in the following products: Red Hat Enterprise Linux 7.6 Extended Update Support Via RHSA-2019:4168 https://access.redhat.com/errata/RHSA-2019:4168 This issue has been addressed in the following products: Red Hat Enterprise Linux 7.6 Extended Update Support Via RHSA-2019:4171 https://access.redhat.com/errata/RHSA-2019:4171 |