Vigil@nce - Linux kernel: buffer overflow via brcmf_cfg80211_start_ap
December 2016 by Vigil@nce
This bulletin was written by Vigil@nce : https://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can generate a buffer overflow via
brcmf_cfg80211_start_ap() of the Linux kernel, in order to trigger
a denial of service, and possibly to run code.
– Impacted products: Linux, openSUSE, openSUSE Leap, SUSE Linux
Enterprise Desktop, SLES, Ubuntu.
– Severity: 2/4.
– Creation date: 17/10/2016.
DESCRIPTION OF THE VULNERABILITY
The Linux kernel supports Broadcom devices.
However, if the size of NL80211_CMD_START_AP data is greater than
the size of the storage array, an overflow occurs in the
brcmf_cfg80211_start_ap() function of the drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c
file.
An attacker can therefore generate a buffer overflow via
brcmf_cfg80211_start_ap() of the Linux kernel, in order to trigger
a denial of service, and possibly to run code.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
https://vigilance.fr/vulnerability/Linux-kernel-buffer-overflow-via-brcmf-cfg80211-start-ap-20881