VYPR
← All advisories
High severity7.8NVD Advisory· Published Jul 25, 2017· Updated May 13, 2026

CVE-2017-7541

CVE-2017-7541

Description

The brcmf_cfg80211_mgmt_tx function in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux kernel before 4.12.3 allows local users to cause a denial of service (buffer overflow and system crash) or possibly gain privileges via a crafted NL80211_CMD_FRAME Netlink packet.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A buffer overflow in brcmf_cfg80211_mgmt_tx() in Linux kernel before 4.12.3 allows local users to cause a denial of service or potentially gain privileges via crafted NL80211_CMD_FRAME Netlink packet.

Vulnerability

The vulnerability is a buffer overflow in the brcmf_cfg80211_mgmt_tx() function in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c. It affects Linux kernels from v3.9-rc1 to v4.13-rc1, before the fix in version 4.12.3 [2]. The function is reachable when the system has a Broadcom wireless driver (brcmfmac) loaded and a local user sends a crafted NL80211_CMD_FRAME Netlink packet [1][2].

Exploitation

An attacker must be a local user with the ability to send Netlink messages [2]. The attacker sends a specially crafted NL80211_CMD_FRAME packet via netlink to the kernel, triggering the overflow in brcmf_cfg80211_mgmt_tx() [2]. No special privileges beyond local access are required, but the brcmfmac driver must be active [2].

Impact

Successful exploitation results in kernel memory corruption, leading to a system crash (denial of service) [2]. While privilege escalation is theoretically possible due to the memory corruption, it is considered unlikely by Red Hat [2]. The primary impact is a local denial of service vulnerability, but arbitrary code execution cannot be entirely ruled out [2].

Mitigation

The vulnerability is fixed in Linux kernel version 4.12.3 [2]. Red Hat has released updates: RHSA-2017:2930 for RHEL 7, RHSA-2017:2863 for RHEL 6, and RHSA-2017:2931 [1][2][3]. Android devices with Broadcom wireless chipsets are also affected; the November 2017 Android Security Bulletin addresses this issue [4]. Users should apply the appropriate kernel updates from their distribution.

References
  1. https://access.redhat.com/errata/RHSA-2017:2930
  2. https://access.redhat.com/errata/RHSA-2017:2863
  3. https://access.redhat.com/errata/RHSA-2017:2931
  4. Android Security Bulletin—November 2017

AI Insight generated on May 22, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

58

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

16

News mentions

0

No linked articles in our index yet.