Bug 1701842 (CVE-2019-9503)
| Summary: | CVE-2019-9503 kernel: brcmfmac frame validation bypass | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | msiddiqu |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED ERRATA | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | CC: | acaringi, airlied, apmukher, bhu, blc, brdeoliv, bskeggs, dhoward, dvlasenk, esammons, fhrbata, hdegoede, hkrzesin, iboverma, ichavero, itamar, jarodwilson, jeremy, jforbes, jglisse, jkacur, john.j5live, jonathan, josef, jross, jstancek, jwboyer, kernel-maint, kernel-mgr, labbott, lgoncalv, linville, matt, mchehab, mcressma, mjg59, mlangsdo, mmilgram, nmurray, plougher, rt-maint, rvrbovsk, steved, vdronov, williams |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: |
If the brcmfmac driver receives a firmware event frame from a remote source, the is_wlc_event_frame function will cause this frame to be discarded and not be processed. If the driver receives the firmware event frame from the host, the appropriate handler is called. This frame validation can be bypassed if the bus used is USB (for instance by a WiFi dongle). This can allow firmware event frames from a remote source to be processed and this can result in denial of service (DoS) condition.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2019-09-12 12:45:48 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 1701843, 1704680, 1704681, 1704682, 1704683, 1704684, 1704685, 1733895, 1734041, 1828297, 1828298 | ||
| Bug Blocks: | 1701846, 1701869 | ||
|
Description
msiddiqu
2019-04-22 09:11:11 UTC
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 1701843] Note: This vulnerability was originally called CVE-2019-8564 by mistake. kernel-5.0.11-100.fc28 has been pushed to the Fedora 28 stable repository. If problems still persist, please make note of it in this bug report. This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2019:2703 https://access.redhat.com/errata/RHSA-2019:2703 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2019:2741 https://access.redhat.com/errata/RHSA-2019:2741 This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2019-9503 This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2020:1016 https://access.redhat.com/errata/RHSA-2020:1016 This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2020:1070 https://access.redhat.com/errata/RHSA-2020:1070 This issue has been addressed in the following products: Red Hat Enterprise Linux 7.7 Extended Update Support Via RHSA-2020:2522 https://access.redhat.com/errata/RHSA-2020:2522 |