ID CVE-2019-9500
Summary The Broadcom brcmfmac WiFi driver prior to commit 1b5e2423164b3670e8bc9174e4762d297990deff is vulnerable to a heap buffer overflow. If the Wake-up on Wireless LAN functionality is configured, a malicious event frame can be constructed to trigger an heap buffer overflow in the brcmf_wowl_nd_results function. This vulnerability can be exploited with compromised chipsets to compromise the host, or when used in combination with CVE-2019-9503, can be used remotely. In the worst case scenario, by sending specially-crafted WiFi packets, a remote, unauthenticated attacker may be able to execute arbitrary code on a vulnerable system. More typically, this vulnerability will result in denial-of-service conditions.
References
Vulnerable Configurations
  • cpe:2.3:a:broadcom:brcmfmac_driver:-:*:*:*:*:*:*:*
    cpe:2.3:a:broadcom:brcmfmac_driver:-:*:*:*:*:*:*:*
CVSS
Base: 7.9 (as of 29-01-2020 - 15:19)
Impact:
Exploitability:
CWE CWE-787
CAPEC
Access
VectorComplexityAuthentication
ADJACENT_NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:A/AC:M/Au:N/C:C/I:C/A:C
redhat via4
advisories
  • bugzilla
    id 1724389
    title CVE-2019-1125 kernel: hw: Spectre SWAPGS gadget vulnerability
    oval
    OR
    • comment Red Hat Enterprise Linux must be installed
      oval oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment Red Hat Enterprise Linux 7 is installed
        oval oval:com.redhat.rhba:tst:20150364027
      • OR
        • comment kernel earlier than 0:3.10.0-1062.1.1.el7 is currently running
          oval oval:com.redhat.rhsa:tst:20192600033
        • comment kernel earlier than 0:3.10.0-1062.1.1.el7 is set to boot up on next boot
          oval oval:com.redhat.rhsa:tst:20192600034
      • OR
        • AND
          • comment bpftool is earlier than 0:3.10.0-1062.1.1.el7
            oval oval:com.redhat.rhsa:tst:20192600001
          • comment bpftool is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20183083002
        • AND
          • comment kernel is earlier than 0:3.10.0-1062.1.1.el7
            oval oval:com.redhat.rhsa:tst:20192600003
          • comment kernel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100842002
        • AND
          • comment kernel-abi-whitelists is earlier than 0:3.10.0-1062.1.1.el7
            oval oval:com.redhat.rhsa:tst:20192600005
          • comment kernel-abi-whitelists is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20131645004
        • AND
          • comment kernel-bootwrapper is earlier than 0:3.10.0-1062.1.1.el7
            oval oval:com.redhat.rhsa:tst:20192600007
          • comment kernel-bootwrapper is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100842004
        • AND
          • comment kernel-debug is earlier than 0:3.10.0-1062.1.1.el7
            oval oval:com.redhat.rhsa:tst:20192600009
          • comment kernel-debug is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100842006
        • AND
          • comment kernel-debug-devel is earlier than 0:3.10.0-1062.1.1.el7
            oval oval:com.redhat.rhsa:tst:20192600011
          • comment kernel-debug-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100842008
        • AND
          • comment kernel-devel is earlier than 0:3.10.0-1062.1.1.el7
            oval oval:com.redhat.rhsa:tst:20192600013
          • comment kernel-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100842010
        • AND
          • comment kernel-doc is earlier than 0:3.10.0-1062.1.1.el7
            oval oval:com.redhat.rhsa:tst:20192600015
          • comment kernel-doc is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100842012
        • AND
          • comment kernel-headers is earlier than 0:3.10.0-1062.1.1.el7
            oval oval:com.redhat.rhsa:tst:20192600017
          • comment kernel-headers is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100842016
        • AND
          • comment kernel-kdump is earlier than 0:3.10.0-1062.1.1.el7
            oval oval:com.redhat.rhsa:tst:20192600019
          • comment kernel-kdump is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100842018
        • AND
          • comment kernel-kdump-devel is earlier than 0:3.10.0-1062.1.1.el7
            oval oval:com.redhat.rhsa:tst:20192600021
          • comment kernel-kdump-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100842020
        • AND
          • comment kernel-tools is earlier than 0:3.10.0-1062.1.1.el7
            oval oval:com.redhat.rhsa:tst:20192600023
          • comment kernel-tools is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20140678022
        • AND
          • comment kernel-tools-libs is earlier than 0:3.10.0-1062.1.1.el7
            oval oval:com.redhat.rhsa:tst:20192600025
          • comment kernel-tools-libs is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20140678024
        • AND
          • comment kernel-tools-libs-devel is earlier than 0:3.10.0-1062.1.1.el7
            oval oval:com.redhat.rhsa:tst:20192600027
          • comment kernel-tools-libs-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20140678026
        • AND
          • comment perf is earlier than 0:3.10.0-1062.1.1.el7
            oval oval:com.redhat.rhsa:tst:20192600029
          • comment perf is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100842022
        • AND
          • comment python-perf is earlier than 0:3.10.0-1062.1.1.el7
            oval oval:com.redhat.rhsa:tst:20192600031
          • comment python-perf is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20111530024
    rhsa
    id RHSA-2019:2600
    released 2019-09-04
    severity Important
    title RHSA-2019:2600: kernel security and bug fix update (Important)
  • bugzilla
    id 1740918
    title kernel-rt: update to the RHEL7.7.z batch#1 source tree
    oval
    OR
    • comment Red Hat Enterprise Linux must be installed
      oval oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment Red Hat Enterprise Linux 7 is installed
        oval oval:com.redhat.rhba:tst:20150364027
      • OR
        • comment kernel-rt earlier than 0:3.10.0-1062.1.1.rt56.1024.el7 is currently running
          oval oval:com.redhat.rhsa:tst:20192600033
        • comment kernel-rt earlier than 0:3.10.0-1062.1.1.rt56.1024.el7 is set to boot up on next boot
          oval oval:com.redhat.rhsa:tst:20192609022
      • OR
        • AND
          • comment kernel-rt is earlier than 0:3.10.0-1062.1.1.rt56.1024.el7
            oval oval:com.redhat.rhsa:tst:20192609001
          • comment kernel-rt is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20150727002
        • AND
          • comment kernel-rt-debug is earlier than 0:3.10.0-1062.1.1.rt56.1024.el7
            oval oval:com.redhat.rhsa:tst:20192609003
          • comment kernel-rt-debug is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20150727004
        • AND
          • comment kernel-rt-debug-devel is earlier than 0:3.10.0-1062.1.1.rt56.1024.el7
            oval oval:com.redhat.rhsa:tst:20192609005
          • comment kernel-rt-debug-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20150727006
        • AND
          • comment kernel-rt-debug-kvm is earlier than 0:3.10.0-1062.1.1.rt56.1024.el7
            oval oval:com.redhat.rhsa:tst:20192609007
          • comment kernel-rt-debug-kvm is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20160212008
        • AND
          • comment kernel-rt-devel is earlier than 0:3.10.0-1062.1.1.rt56.1024.el7
            oval oval:com.redhat.rhsa:tst:20192609009
          • comment kernel-rt-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20150727008
        • AND
          • comment kernel-rt-doc is earlier than 0:3.10.0-1062.1.1.rt56.1024.el7
            oval oval:com.redhat.rhsa:tst:20192609011
          • comment kernel-rt-doc is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20150727010
        • AND
          • comment kernel-rt-kvm is earlier than 0:3.10.0-1062.1.1.rt56.1024.el7
            oval oval:com.redhat.rhsa:tst:20192609013
          • comment kernel-rt-kvm is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20160212014
        • AND
          • comment kernel-rt-trace is earlier than 0:3.10.0-1062.1.1.rt56.1024.el7
            oval oval:com.redhat.rhsa:tst:20192609015
          • comment kernel-rt-trace is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20150727012
        • AND
          • comment kernel-rt-trace-devel is earlier than 0:3.10.0-1062.1.1.rt56.1024.el7
            oval oval:com.redhat.rhsa:tst:20192609017
          • comment kernel-rt-trace-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20150727014
        • AND
          • comment kernel-rt-trace-kvm is earlier than 0:3.10.0-1062.1.1.rt56.1024.el7
            oval oval:com.redhat.rhsa:tst:20192609019
          • comment kernel-rt-trace-kvm is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20160212020
    rhsa
    id RHSA-2019:2609
    released 2019-09-04
    severity Important
    title RHSA-2019:2609: kernel-rt security and bug fix update (Important)
rpms
  • bpftool-0:3.10.0-1062.1.1.el7
  • bpftool-debuginfo-0:3.10.0-1062.1.1.el7
  • kernel-0:3.10.0-1062.1.1.el7
  • kernel-abi-whitelists-0:3.10.0-1062.1.1.el7
  • kernel-bootwrapper-0:3.10.0-1062.1.1.el7
  • kernel-debug-0:3.10.0-1062.1.1.el7
  • kernel-debug-debuginfo-0:3.10.0-1062.1.1.el7
  • kernel-debug-devel-0:3.10.0-1062.1.1.el7
  • kernel-debuginfo-0:3.10.0-1062.1.1.el7
  • kernel-debuginfo-common-ppc64-0:3.10.0-1062.1.1.el7
  • kernel-debuginfo-common-ppc64le-0:3.10.0-1062.1.1.el7
  • kernel-debuginfo-common-s390x-0:3.10.0-1062.1.1.el7
  • kernel-debuginfo-common-x86_64-0:3.10.0-1062.1.1.el7
  • kernel-devel-0:3.10.0-1062.1.1.el7
  • kernel-doc-0:3.10.0-1062.1.1.el7
  • kernel-headers-0:3.10.0-1062.1.1.el7
  • kernel-kdump-0:3.10.0-1062.1.1.el7
  • kernel-kdump-debuginfo-0:3.10.0-1062.1.1.el7
  • kernel-kdump-devel-0:3.10.0-1062.1.1.el7
  • kernel-tools-0:3.10.0-1062.1.1.el7
  • kernel-tools-debuginfo-0:3.10.0-1062.1.1.el7
  • kernel-tools-libs-0:3.10.0-1062.1.1.el7
  • kernel-tools-libs-devel-0:3.10.0-1062.1.1.el7
  • perf-0:3.10.0-1062.1.1.el7
  • perf-debuginfo-0:3.10.0-1062.1.1.el7
  • python-perf-0:3.10.0-1062.1.1.el7
  • python-perf-debuginfo-0:3.10.0-1062.1.1.el7
  • kernel-rt-0:3.10.0-1062.1.1.rt56.1024.el7
  • kernel-rt-debug-0:3.10.0-1062.1.1.rt56.1024.el7
  • kernel-rt-debug-debuginfo-0:3.10.0-1062.1.1.rt56.1024.el7
  • kernel-rt-debug-devel-0:3.10.0-1062.1.1.rt56.1024.el7
  • kernel-rt-debug-kvm-0:3.10.0-1062.1.1.rt56.1024.el7
  • kernel-rt-debug-kvm-debuginfo-0:3.10.0-1062.1.1.rt56.1024.el7
  • kernel-rt-debuginfo-0:3.10.0-1062.1.1.rt56.1024.el7
  • kernel-rt-debuginfo-common-x86_64-0:3.10.0-1062.1.1.rt56.1024.el7
  • kernel-rt-devel-0:3.10.0-1062.1.1.rt56.1024.el7
  • kernel-rt-doc-0:3.10.0-1062.1.1.rt56.1024.el7
  • kernel-rt-kvm-0:3.10.0-1062.1.1.rt56.1024.el7
  • kernel-rt-kvm-debuginfo-0:3.10.0-1062.1.1.rt56.1024.el7
  • kernel-rt-trace-0:3.10.0-1062.1.1.rt56.1024.el7
  • kernel-rt-trace-debuginfo-0:3.10.0-1062.1.1.rt56.1024.el7
  • kernel-rt-trace-devel-0:3.10.0-1062.1.1.rt56.1024.el7
  • kernel-rt-trace-kvm-0:3.10.0-1062.1.1.rt56.1024.el7
  • kernel-rt-trace-kvm-debuginfo-0:3.10.0-1062.1.1.rt56.1024.el7
  • bpftool-0:4.18.0-80.11.1.el8_0
  • bpftool-debuginfo-0:4.18.0-80.11.1.el8_0
  • kernel-0:4.18.0-80.11.1.el8_0
  • kernel-abi-whitelists-0:4.18.0-80.11.1.el8_0
  • kernel-core-0:4.18.0-80.11.1.el8_0
  • kernel-cross-headers-0:4.18.0-80.11.1.el8_0
  • kernel-debug-0:4.18.0-80.11.1.el8_0
  • kernel-debug-core-0:4.18.0-80.11.1.el8_0
  • kernel-debug-debuginfo-0:4.18.0-80.11.1.el8_0
  • kernel-debug-devel-0:4.18.0-80.11.1.el8_0
  • kernel-debug-modules-0:4.18.0-80.11.1.el8_0
  • kernel-debug-modules-extra-0:4.18.0-80.11.1.el8_0
  • kernel-debuginfo-0:4.18.0-80.11.1.el8_0
  • kernel-debuginfo-common-aarch64-0:4.18.0-80.11.1.el8_0
  • kernel-debuginfo-common-ppc64le-0:4.18.0-80.11.1.el8_0
  • kernel-debuginfo-common-s390x-0:4.18.0-80.11.1.el8_0
  • kernel-debuginfo-common-x86_64-0:4.18.0-80.11.1.el8_0
  • kernel-devel-0:4.18.0-80.11.1.el8_0
  • kernel-doc-0:4.18.0-80.11.1.el8_0
  • kernel-headers-0:4.18.0-80.11.1.el8_0
  • kernel-modules-0:4.18.0-80.11.1.el8_0
  • kernel-modules-extra-0:4.18.0-80.11.1.el8_0
  • kernel-tools-0:4.18.0-80.11.1.el8_0
  • kernel-tools-debuginfo-0:4.18.0-80.11.1.el8_0
  • kernel-tools-libs-0:4.18.0-80.11.1.el8_0
  • kernel-tools-libs-devel-0:4.18.0-80.11.1.el8_0
  • kernel-zfcpdump-0:4.18.0-80.11.1.el8_0
  • kernel-zfcpdump-core-0:4.18.0-80.11.1.el8_0
  • kernel-zfcpdump-debuginfo-0:4.18.0-80.11.1.el8_0
  • kernel-zfcpdump-devel-0:4.18.0-80.11.1.el8_0
  • kernel-zfcpdump-modules-0:4.18.0-80.11.1.el8_0
  • kernel-zfcpdump-modules-extra-0:4.18.0-80.11.1.el8_0
  • perf-0:4.18.0-80.11.1.el8_0
  • perf-debuginfo-0:4.18.0-80.11.1.el8_0
  • python3-perf-0:4.18.0-80.11.1.el8_0
  • python3-perf-debuginfo-0:4.18.0-80.11.1.el8_0
  • kernel-rt-0:4.18.0-80.11.1.rt9.156.el8_0
  • kernel-rt-core-0:4.18.0-80.11.1.rt9.156.el8_0
  • kernel-rt-debug-0:4.18.0-80.11.1.rt9.156.el8_0
  • kernel-rt-debug-core-0:4.18.0-80.11.1.rt9.156.el8_0
  • kernel-rt-debug-debuginfo-0:4.18.0-80.11.1.rt9.156.el8_0
  • kernel-rt-debug-devel-0:4.18.0-80.11.1.rt9.156.el8_0
  • kernel-rt-debug-kvm-0:4.18.0-80.11.1.rt9.156.el8_0
  • kernel-rt-debug-kvm-debuginfo-0:4.18.0-80.11.1.rt9.156.el8_0
  • kernel-rt-debug-modules-0:4.18.0-80.11.1.rt9.156.el8_0
  • kernel-rt-debug-modules-extra-0:4.18.0-80.11.1.rt9.156.el8_0
  • kernel-rt-debuginfo-0:4.18.0-80.11.1.rt9.156.el8_0
  • kernel-rt-debuginfo-common-x86_64-0:4.18.0-80.11.1.rt9.156.el8_0
  • kernel-rt-devel-0:4.18.0-80.11.1.rt9.156.el8_0
  • kernel-rt-kvm-0:4.18.0-80.11.1.rt9.156.el8_0
  • kernel-rt-kvm-debuginfo-0:4.18.0-80.11.1.rt9.156.el8_0
  • kernel-rt-modules-0:4.18.0-80.11.1.rt9.156.el8_0
  • kernel-rt-modules-extra-0:4.18.0-80.11.1.rt9.156.el8_0
  • kpatch-patch-3_10_0-1062-0:1-2.el7
  • kpatch-patch-3_10_0-1062-debuginfo-0:1-2.el7
  • kernel-0:4.14.0-115.14.1.el7a
  • kernel-abi-whitelists-0:4.14.0-115.14.1.el7a
  • kernel-bootwrapper-0:4.14.0-115.14.1.el7a
  • kernel-debug-0:4.14.0-115.14.1.el7a
  • kernel-debug-debuginfo-0:4.14.0-115.14.1.el7a
  • kernel-debug-devel-0:4.14.0-115.14.1.el7a
  • kernel-debuginfo-0:4.14.0-115.14.1.el7a
  • kernel-debuginfo-common-aarch64-0:4.14.0-115.14.1.el7a
  • kernel-debuginfo-common-ppc64le-0:4.14.0-115.14.1.el7a
  • kernel-debuginfo-common-s390x-0:4.14.0-115.14.1.el7a
  • kernel-devel-0:4.14.0-115.14.1.el7a
  • kernel-doc-0:4.14.0-115.14.1.el7a
  • kernel-headers-0:4.14.0-115.14.1.el7a
  • kernel-kdump-0:4.14.0-115.14.1.el7a
  • kernel-kdump-debuginfo-0:4.14.0-115.14.1.el7a
  • kernel-kdump-devel-0:4.14.0-115.14.1.el7a
  • kernel-tools-0:4.14.0-115.14.1.el7a
  • kernel-tools-debuginfo-0:4.14.0-115.14.1.el7a
  • kernel-tools-libs-0:4.14.0-115.14.1.el7a
  • kernel-tools-libs-devel-0:4.14.0-115.14.1.el7a
  • perf-0:4.14.0-115.14.1.el7a
  • perf-debuginfo-0:4.14.0-115.14.1.el7a
  • python-perf-0:4.14.0-115.14.1.el7a
  • python-perf-debuginfo-0:4.14.0-115.14.1.el7a
  • bpftool-0:3.10.0-957.41.1.el7
  • kernel-0:3.10.0-957.41.1.el7
  • kernel-abi-whitelists-0:3.10.0-957.41.1.el7
  • kernel-bootwrapper-0:3.10.0-957.41.1.el7
  • kernel-debug-0:3.10.0-957.41.1.el7
  • kernel-debug-debuginfo-0:3.10.0-957.41.1.el7
  • kernel-debug-devel-0:3.10.0-957.41.1.el7
  • kernel-debuginfo-0:3.10.0-957.41.1.el7
  • kernel-debuginfo-common-ppc64-0:3.10.0-957.41.1.el7
  • kernel-debuginfo-common-ppc64le-0:3.10.0-957.41.1.el7
  • kernel-debuginfo-common-s390x-0:3.10.0-957.41.1.el7
  • kernel-debuginfo-common-x86_64-0:3.10.0-957.41.1.el7
  • kernel-devel-0:3.10.0-957.41.1.el7
  • kernel-doc-0:3.10.0-957.41.1.el7
  • kernel-headers-0:3.10.0-957.41.1.el7
  • kernel-kdump-0:3.10.0-957.41.1.el7
  • kernel-kdump-debuginfo-0:3.10.0-957.41.1.el7
  • kernel-kdump-devel-0:3.10.0-957.41.1.el7
  • kernel-tools-0:3.10.0-957.41.1.el7
  • kernel-tools-debuginfo-0:3.10.0-957.41.1.el7
  • kernel-tools-libs-0:3.10.0-957.41.1.el7
  • kernel-tools-libs-devel-0:3.10.0-957.41.1.el7
  • perf-0:3.10.0-957.41.1.el7
  • perf-debuginfo-0:3.10.0-957.41.1.el7
  • python-perf-0:3.10.0-957.41.1.el7
  • python-perf-debuginfo-0:3.10.0-957.41.1.el7
  • kpatch-patch-3_10_0-957_35_1-0:1-3.el7
  • kpatch-patch-3_10_0-957_35_1-debuginfo-0:1-3.el7
  • kpatch-patch-3_10_0-957_35_2-0:1-2.el7
  • kpatch-patch-3_10_0-957_35_2-debuginfo-0:1-2.el7
  • kpatch-patch-3_10_0-957_38_1-0:1-1.el7
  • kpatch-patch-3_10_0-957_38_1-debuginfo-0:1-1.el7
  • kpatch-patch-3_10_0-957_38_2-0:1-1.el7
  • kpatch-patch-3_10_0-957_38_2-debuginfo-0:1-1.el7
  • kpatch-patch-3_10_0-957_38_3-0:1-1.el7
  • kpatch-patch-3_10_0-957_38_3-debuginfo-0:1-1.el7
refmap via4
misc
Last major update 29-01-2020 - 15:19
Published 16-01-2020 - 21:15
Last modified 29-01-2020 - 15:19
Back to Top