|
Message-ID: <CAM5P+QTzZEywndb2H1=hce+ahtz1TsrsJZEM6ZuKEmFM4ozL8Q@mail.gmail.com> Date: Sat, 29 Oct 2022 17:33:21 +0900 From: Dokyung Song <dokyungs@...sei.ac.kr> To: oss-security@...ts.openwall.com Cc: Jisoo Jang <jisoo.jang@...sei.ac.kr>, Minsuk Kang <linuxlovemin@...sei.ac.kr> Subject: CVE-2022-3628: A USB-accessible buffer overflow in Linux kernel driver === Description === An intra-object buffer overflow was found in brcmfmac (an upstream Broadcom's USB Wi-Fi driver), which can be triggered by a malicious USB device. As the object where the overflow could occur contains multiple function pointers (e.g., bus_reset.func), with knowledge of the code layout (i.e., KASLR needs bypassing) the vulnerability could potentially be exploited by an attacker who controls USB messages. Without knowledge of the code layout, the consequence is a DoS. This vulnerability was assigned CVE-2022-3628. === Fix === A fix has been successfully reviewed by the maintainer (see below), so it should appear upstream in the next few days. https://lore.kernel.org/linux-wireless/10230673-8dbe-bf67-ba76-9f8cdc35faf3@gmail.com/T/#u
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.