Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date: Sat, 29 Oct 2022 17:33:21 +0900
From: Dokyung Song <dokyungs@...sei.ac.kr>
To: oss-security@...ts.openwall.com
Cc: Jisoo Jang <jisoo.jang@...sei.ac.kr>, Minsuk Kang <linuxlovemin@...sei.ac.kr>
Subject: CVE-2022-3628: A USB-accessible buffer overflow in Linux kernel driver

=== Description ===

An intra-object buffer overflow was found in brcmfmac (an upstream
Broadcom's USB Wi-Fi driver), which can be triggered by a malicious USB
device.

As the object where the overflow could occur contains multiple function
pointers (e.g., bus_reset.func), with knowledge of the code layout (i.e.,
KASLR needs bypassing) the vulnerability could potentially be exploited by
an attacker who controls USB messages. Without knowledge of the code
layout, the consequence is a DoS.

This vulnerability was assigned CVE-2022-3628.

=== Fix ===

A fix has been successfully reviewed by the maintainer (see below), so it
should appear upstream in the next few days.

https://lore.kernel.org/linux-wireless/10230673-8dbe-bf67-ba76-9f8cdc35faf3@gmail.com/T/#u

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.