CVE-2023-53715
Description
In the Linux kernel, the following vulnerability has been resolved:
wifi: brcmfmac: cfg80211: Pass the PMK in binary instead of hex
Apparently the hex passphrase mechanism does not work on newer chips/firmware (e.g. BCM4387). It seems there was a simple way of passing it in binary all along, so use that and avoid the hexification.
OpenBSD has been doing it like this from the beginning, so this should work on all chips.
Also clear the structure before setting the PMK. This was leaking uninitialized stack contents to the device.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
In the Linux kernel's brcmfmac driver, a vulnerability allowed uninitialized stack data to be leaked to the device; fixed by passing PMK in binary and clearing the structure.
Vulnerability Overview
The brcmfmac WiFi driver in the Linux kernel mishandled PMK (Pairwise Master Key) passing by converting it to hex, which did not work on newer chips like BCM4387. Additionally, the structure was not cleared before setting the PMK, leading to leakage of uninitialized stack contents to the device.
Attack Surface
An attacker with local access or ability to trigger PMK configuration could exploit this information leak. The vulnerability is in the cfg80211 interface, so any user or process that can issue PMK-related commands could potentially trigger the leak.
Impact
The leak of uninitialized stack memory could expose sensitive kernel data to the device, potentially aiding in further exploitation.
Mitigation
The fix modifies the PMK handling to pass the key in binary form and clears the structure before use. This fix is applied in the stable kernel commits [1][2][3].
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
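The uninitialized-structure leak described above, shown as an added userspace C example (not code from the kernel patch or from this page). The `pmk_msg` layout, `PMK_BUF_LEN`, the `STALE` marker and the function names are hypothetical, and a dirty stack slot is simulated by pre-filling the structure.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PMK_BUF_LEN 64  /* hypothetical key buffer size */
#define STALE 0xAA      /* constructed marker for leftover stack bytes */

/* Hypothetical fixed-size message that is handed whole to the device. */
struct pmk_msg {
    uint16_t key_len;
    uint16_t flags;
    uint8_t key[PMK_BUF_LEN];
};

/* Build the message in place. Without clear_first, bytes of key[] past
 * len keep whatever was already in that memory. */
static int build_pmk_msg(struct pmk_msg *m, const uint8_t *pmk, size_t len,
                         int clear_first)
{
    if (len > sizeof(m->key))
        return -1;                 /* reject a PMK that does not fit */
    if (clear_first)
        memset(m, 0, sizeof(*m));  /* the fix: no stale bytes survive */
    m->key_len = (uint16_t)len;
    m->flags = 0;
    memcpy(m->key, pmk, len);      /* PMK copied in binary, no hex step */
    return 0;
}

/* Fill the slot with STALE, build the message, and count the stale
 * bytes past key_len that would cross to the device. */
static size_t stale_bytes_sent(int clear_first)
{
    static const uint8_t pmk[32] = { 0x01 };  /* constructed PMK */
    struct pmk_msg m;
    size_t n = 0;
    memset(&m, STALE, sizeof(m));
    if (build_pmk_msg(&m, pmk, sizeof(pmk), clear_first))
        return (size_t)-1;
    for (size_t i = m.key_len; i < sizeof(m.key); i++)
        n += (m.key[i] == STALE);
    return n;
}

int main(void)
{
    printf("uncleared: %zu stale bytes, cleared: %zu\n",
           stale_bytes_sent(0), stale_bytes_sent(1));
    return 0;
}
```

The same pattern applies to any fixed-size structure copied whole across a trust boundary: clearing it first is what keeps unused fields and array tails from carrying old memory.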
Patches
1687845eb8f3, 2bc34facb90c, 56c7e9c39bd5, 4e8dc0e5c763, e242c66f7ecf, f8a6c53ff1d9, 2fa3a5226b05, 89b89e52153f
Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
- git.kernel.org/stable/c/1687845eb8f37360a9ee849a3587ab659b090773 (nvd)
- git.kernel.org/stable/c/2bc34facb90ceeff6f8c17d2006575a6d07c3825 (nvd)
- git.kernel.org/stable/c/2fa3a5226b05e0a797c68b9609dcebe0cd236b27 (nvd)
- git.kernel.org/stable/c/4e8dc0e5c7636efaadbd7e488acd34b4291c0431 (nvd)
- git.kernel.org/stable/c/56c7e9c39bd54fd753c0c4b1ed10278cbd3a5f02 (nvd)
- git.kernel.org/stable/c/89b89e52153fda2733562776c7c9d9d3ebf8dd6d (nvd)
- git.kernel.org/stable/c/e242c66f7ecfe8f5b6eb308f4ea464fd8589c866 (nvd)
- git.kernel.org/stable/c/f8a6c53ff1d91acd5a20eb627edbffd816eb9a4e (nvd)