Unrated severityNVD Advisory· Published Jan 16, 2020· Updated Aug 4, 2024

Broadcom brcmfmac driver is vulnerable to a frame validation bypass

CVE-2019-9503

Description

The Broadcom brcmfmac WiFi driver prior to commit a4176ec356c73a46c07c181c6d04039fafa34a9f is vulnerable to a frame validation bypass. If the brcmfmac driver receives a firmware event frame from a remote source, the is_wlc_event_frame function will cause this frame to be discarded and unprocessed. If the driver receives the firmware event frame from the host, the appropriate handler is called. This frame validation can be bypassed if the bus used is USB (for instance by a wifi dongle). This can allow firmware event frames from a remote source to be processed. In the worst case scenario, by sending specially-crafted WiFi packets, a remote, unauthenticated attacker may be able to execute arbitrary code on a vulnerable system. More typically, this vulnerability will result in denial-of-service conditions.

Affected products

118

osv-coords117 versions
pkg:rpm/opensuse/kernel-debug&distro=openSUSE%20Leap%2015.0 pkg:rpm/opensuse/kernel-debug&distro=openSUSE%20Leap%2015.1 pkg:rpm/opensuse/kernel-default&distro=openSUSE%20Leap%2015.0 pkg:rpm/opensuse/kernel-default&distro=openSUSE%20Leap%2015.1 pkg:rpm/opensuse/kernel-docs&distro=openSUSE%20Leap%2015.0 pkg:rpm/opensuse/kernel-docs&distro=openSUSE%20Leap%2015.1 pkg:rpm/opensuse/kernel-kvmsmall&distro=openSUSE%20Leap%2015.0 pkg:rpm/opensuse/kernel-kvmsmall&distro=openSUSE%20Leap%2015.1 pkg:rpm/opensuse/kernel-obs-build&distro=openSUSE%20Leap%2015.0 pkg:rpm/opensuse/kernel-obs-build&distro=openSUSE%20Leap%2015.1 pkg:rpm/opensuse/kernel-obs-qa&distro=openSUSE%20Leap%2015.0 pkg:rpm/opensuse/kernel-obs-qa&distro=openSUSE%20Leap%2015.1 pkg:rpm/opensuse/kernel-source&distro=openSUSE%20Leap%2015.0 pkg:rpm/opensuse/kernel-source&distro=openSUSE%20Leap%2015.1 pkg:rpm/opensuse/kernel-syms&distro=openSUSE%20Leap%2015.0 pkg:rpm/opensuse/kernel-syms&distro=openSUSE%20Leap%2015.1 pkg:rpm/opensuse/kernel-vanilla&distro=openSUSE%20Leap%2015.0 pkg:rpm/opensuse/kernel-vanilla&distro=openSUSE%20Leap%2015.1 pkg:rpm/suse/kernel-azure&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015 pkg:rpm/suse/kernel-azure&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4 pkg:rpm/suse/kernel-azure&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4 pkg:rpm/suse/kernel-default&distro=SUSE%20Enterprise%20Storage%204 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP3 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP4 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2012%20SP2 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2012%20SP3 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2012%20SP4 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2015 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2015%20SP1 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP1 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP1 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Legacy%2015 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Legacy%2015%20SP1 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1-LTSS pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCL pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-LTSS pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP3 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP4 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP1 pkg:rpm/suse/kernel-default&distro=SUSE%20OpenStack%20Cloud%207 pkg:rpm/suse/kernel-docs&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015 pkg:rpm/suse/kernel-docs&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP1 pkg:rpm/suse/kernel-docs&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP3 pkg:rpm/suse/kernel-docs&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP4 pkg:rpm/suse/kernel-ec2&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2012 pkg:rpm/suse/kernel-livepatch-SLE15-SP1_Update_1&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP1 pkg:rpm/suse/kernel-livepatch-SLE15_Update_10&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015 pkg:rpm/suse/kernel-obs-build&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015 pkg:rpm/suse/kernel-obs-build&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP1 pkg:rpm/suse/kernel-obs-build&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP3 pkg:rpm/suse/kernel-obs-build&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP4 pkg:rpm/suse/kernel-rt_debug&distro=SUSE%20Real%20Time%20Module%2015%20SP1 pkg:rpm/suse/kernel-rt&distro=SUSE%20Real%20Time%20Module%2015%20SP1 pkg:rpm/suse/kernel-source-azure&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015 pkg:rpm/suse/kernel-source-azure&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4 pkg:rpm/suse/kernel-source-azure&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4 pkg:rpm/suse/kernel-source&distro=SUSE%20Enterprise%20Storage%204 pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP3 pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP4 pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015 pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP1 pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015 pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP1 pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1-LTSS pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCL pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-LTSS pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3 pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4 pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1 pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2 pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3 pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4 pkg:rpm/suse/kernel-source&distro=SUSE%20OpenStack%20Cloud%207 pkg:rpm/suse/kernel-source-rt&distro=SUSE%20Real%20Time%20Module%2015%20SP1 pkg:rpm/suse/kernel-syms-azure&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015 pkg:rpm/suse/kernel-syms-azure&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4 pkg:rpm/suse/kernel-syms-azure&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4 pkg:rpm/suse/kernel-syms&distro=SUSE%20Enterprise%20Storage%204 pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP3 pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP4 pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015 pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP1 pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1-LTSS pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCL pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-LTSS pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3 pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4 pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1 pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2 pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3 pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4 pkg:rpm/suse/kernel-syms&distro=SUSE%20OpenStack%20Cloud%207 pkg:rpm/suse/kernel-syms-rt&distro=SUSE%20Real%20Time%20Module%2015%20SP1 pkg:rpm/suse/kernel-vanilla&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015 pkg:rpm/suse/kernel-xen&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1-LTSS pkg:rpm/suse/kernel-xen&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1 pkg:rpm/suse/kernel-zfcpdump&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015 pkg:rpm/suse/kernel-zfcpdump&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP1 pkg:rpm/suse/kgraft-patch-SLE12-SP1_Update_33&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1-LTSS pkg:rpm/suse/kgraft-patch-SLE12-SP1_Update_33&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1 pkg:rpm/suse/kgraft-patch-SLE12-SP2_Update_29&distro=SUSE%20Enterprise%20Storage%204 pkg:rpm/suse/kgraft-patch-SLE12-SP2_Update_29&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-LTSS pkg:rpm/suse/kgraft-patch-SLE12-SP2_Update_29&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2 pkg:rpm/suse/kgraft-patch-SLE12-SP2_Update_29&distro=SUSE%20OpenStack%20Cloud%207 pkg:rpm/suse/kgraft-patch-SLE12-SP3_Update_25&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2012%20SP3 pkg:rpm/suse/kgraft-patch-SLE12-SP4_Update_4&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2012%20SP4 pkg:rpm/suse/lttng-modules&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1-LTSS pkg:rpm/suse/lttng-modules&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1
< 4.12.14-lp150.12.61.1+ 116 more
- (no CPE)range: < 4.12.14-lp150.12.61.1
- (no CPE)range: < 4.12.14-lp151.28.4.1
- (no CPE)range: < 4.12.14-lp150.12.61.1
- (no CPE)range: < 4.12.14-lp151.28.4.1
- (no CPE)range: < 4.12.14-lp150.12.61.1
- (no CPE)range: < 4.12.14-lp151.28.4.1
- (no CPE)range: < 4.12.14-lp150.12.61.1
- (no CPE)range: < 4.12.14-lp151.28.4.1
- (no CPE)range: < 4.12.14-lp150.12.61.1
- (no CPE)range: < 4.12.14-lp151.28.4.1
- (no CPE)range: < 4.12.14-lp150.12.61.1
- (no CPE)range: < 4.12.14-lp151.28.4.1
- (no CPE)range: < 4.12.14-lp150.12.61.1
- (no CPE)range: < 4.12.14-lp151.28.4.1
- (no CPE)range: < 4.12.14-lp150.12.61.1
- (no CPE)range: < 4.12.14-lp151.28.4.1
- (no CPE)range: < 4.12.14-lp150.12.61.1
- (no CPE)range: < 4.12.14-lp151.28.4.1
- (no CPE)range: < 4.12.14-5.27.1
- (no CPE)range: < 4.12.14-6.12.1
- (no CPE)range: < 4.12.14-6.12.1
- (no CPE)range: < 4.4.121-92.109.2
- (no CPE)range: < 4.4.178-94.91.2
- (no CPE)range: < 4.12.14-95.16.1
- (no CPE)range: < 4.4.121-92.109.2
- (no CPE)range: < 4.4.178-94.91.2
- (no CPE)range: < 4.12.14-95.16.1
- (no CPE)range: < 4.12.14-150.17.1
- (no CPE)range: < 4.12.14-197.4.1
- (no CPE)range: < 4.12.14-150.17.1
- (no CPE)range: < 4.12.14-197.4.1
- (no CPE)range: < 4.12.14-150.17.1
- (no CPE)range: < 4.12.14-197.4.1
- (no CPE)range: < 4.12.14-150.17.1
- (no CPE)range: < 4.12.14-197.4.1
- (no CPE)range: < 3.12.74-60.64.110.1
- (no CPE)range: < 4.4.121-92.109.2
- (no CPE)range: < 4.4.121-92.109.2
- (no CPE)range: < 4.4.178-94.91.2
- (no CPE)range: < 4.12.14-95.16.1
- (no CPE)range: < 3.12.74-60.64.110.1
- (no CPE)range: < 4.4.121-92.109.2
- (no CPE)range: < 4.4.178-94.91.2
- (no CPE)range: < 4.12.14-95.16.1
- (no CPE)range: < 4.4.178-94.91.2
- (no CPE)range: < 4.12.14-95.16.1
- (no CPE)range: < 4.12.14-150.17.1
- (no CPE)range: < 4.12.14-197.4.1
- (no CPE)range: < 4.4.121-92.109.2
- (no CPE)range: < 4.12.14-150.17.1
- (no CPE)range: < 4.12.14-197.4.1
- (no CPE)range: < 4.4.178-94.91.2
- (no CPE)range: < 4.12.14-95.16.1
- (no CPE)range: < 3.12.74-60.64.110.1
- (no CPE)range: < 1-3.3.1
- (no CPE)range: < 1-1.3.1
- (no CPE)range: < 4.12.14-150.17.1
- (no CPE)range: < 4.12.14-197.4.1
- (no CPE)range: < 4.4.178-94.91.1
- (no CPE)range: < 4.12.14-95.16.1
- (no CPE)range: < 4.12.14-14.8.1
- (no CPE)range: < 4.12.14-14.8.1
- (no CPE)range: < 4.12.14-5.27.1
- (no CPE)range: < 4.12.14-6.12.1
- (no CPE)range: < 4.12.14-6.12.1
- (no CPE)range: < 4.4.121-92.109.2
- (no CPE)range: < 4.4.178-94.91.1
- (no CPE)range: < 4.12.14-95.16.1
- (no CPE)range: < 4.12.14-150.17.1
- (no CPE)range: < 4.12.14-197.4.1
- (no CPE)range: < 4.12.14-150.17.1
- (no CPE)range: < 4.12.14-197.4.1
- (no CPE)range: < 3.12.74-60.64.110.1
- (no CPE)range: < 4.4.121-92.109.2
- (no CPE)range: < 4.4.121-92.109.2
- (no CPE)range: < 4.4.178-94.91.1
- (no CPE)range: < 4.12.14-95.16.1
- (no CPE)range: < 3.12.74-60.64.110.1
- (no CPE)range: < 4.4.121-92.109.2
- (no CPE)range: < 4.4.178-94.91.1
- (no CPE)range: < 4.12.14-95.16.1
- (no CPE)range: < 4.4.121-92.109.2
- (no CPE)range: < 4.12.14-14.8.1
- (no CPE)range: < 4.12.14-5.27.1
- (no CPE)range: < 4.12.14-6.12.1
- (no CPE)range: < 4.12.14-6.12.1
- (no CPE)range: < 4.4.121-92.109.2
- (no CPE)range: < 4.4.178-94.91.1
- (no CPE)range: < 4.12.14-95.16.1
- (no CPE)range: < 4.12.14-150.17.1
- (no CPE)range: < 4.12.14-197.4.1
- (no CPE)range: < 3.12.74-60.64.110.1
- (no CPE)range: < 4.4.121-92.109.2
- (no CPE)range: < 4.4.121-92.109.2
- (no CPE)range: < 4.4.178-94.91.1
- (no CPE)range: < 4.12.14-95.16.1
- (no CPE)range: < 3.12.74-60.64.110.1
- (no CPE)range: < 4.4.121-92.109.2
- (no CPE)range: < 4.4.178-94.91.1
- (no CPE)range: < 4.12.14-95.16.1
- (no CPE)range: < 4.4.121-92.109.2
- (no CPE)range: < 4.12.14-14.8.1
- (no CPE)range: < 4.12.14-150.17.1
- (no CPE)range: < 3.12.74-60.64.110.1
- (no CPE)range: < 3.12.74-60.64.110.1
- (no CPE)range: < 4.12.14-150.17.1
- (no CPE)range: < 4.12.14-197.4.1
- (no CPE)range: < 1-2.3.1
- (no CPE)range: < 1-2.3.1
- (no CPE)range: < 1-3.5.2
- (no CPE)range: < 1-3.5.2
- (no CPE)range: < 1-3.5.2
- (no CPE)range: < 1-3.5.2
- (no CPE)range: < 1-4.3.1
- (no CPE)range: < 1-6.3.1
- (no CPE)range: < 2.7.0-4.4.1
- (no CPE)range: < 2.7.0-4.4.1
Broadcom/brcmfmac WiFi driverv5
Range: commit prior to a4176ec356c73a46c07c181c6d04039fafa34a9f

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

blog.quarkslab.com/reverse-engineering-broadcom-wireless-chipsets.htmlmitrex_refsource_MISC
bugzilla.redhat.com/show_bug.cgimitrex_refsource_MISC
bugzilla.suse.com/show_bug.cgimitrex_refsource_MISC
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/mitrex_refsource_MISC
kb.cert.org/vuls/id/166939/mitrex_refsource_MISC
people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-9503.htmlmitrex_refsource_MISC
security-tracker.debian.org/tracker/CVE-2019-9503mitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000