Bug 2248430 (CVE-2023-47233) - CVE-2023-47233 kernel: Use after free in brcmf_cfg80211_escan_timeout_worker in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c
Summary: CVE-2023-47233 kernel: Use after free in brcmf_cfg80211_escan_timeout_worker ...
Keywords:
Status: NEW
Alias: CVE-2023-47233
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2248431
Blocks: 2248432
TreeView+ depends on / blocked
 
Reported: 2023-11-07 02:04 UTC by Pedro Sampaio
Modified: 2024-05-01 14:04 UTC (History)
44 users (show)

Fixed In Version:
Doc Type: ---
Doc Text:
A use-after-free issue was found in the brcm80211 component in the Linux kernel, which may be triggered by a physical attacker while disconnecting a device.
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)

Description Pedro Sampaio 2023-11-07 02:04:10 UTC 
The brcm80211 component in the Linux kernel through 6.5.10 has a brcmf_cfg80211_detach use-after-free in the device unplugging (disconnect the USB by hotplug) code. For physically proximate attackers with local access, this "could be exploited in a real world scenario." This is related to brcmf_cfg80211_escan_timeout_worker in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c.

References:

https://bugzilla.suse.com/show_bug.cgi?id=1216702
https://lore.kernel.org/all/20231104054709.716585-1-zyytlz.wz@163.com/
https://marc.info/?l=linux-kernel&m=169907678011243&w=2
Comment 1 Pedro Sampaio 2023-11-07 02:04:42 UTC 
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 2248431]
Note You need to log in before you can comment on or make changes to this bug.