CVE-2022-3628: A USB-accessible buffer overflow in Linux kernel driver

[Dokyung Song <dokyungs () yonsei ac kr>]

=== Description ===

An intra-object buffer overflow was found in brcmfmac (an upstream
Broadcom's USB Wi-Fi driver), which can be triggered by a malicious USB
device.

As the object where the overflow could occur contains multiple function
pointers (e.g., bus_reset.func), with knowledge of the code layout (i.e.,
KASLR needs bypassing) the vulnerability could potentially be exploited by
an attacker who controls USB messages. Without knowledge of the code
layout, the consequence is a DoS.

This vulnerability was assigned CVE-2022-3628.

=== Fix ===

A fix has been successfully reviewed by the maintainer (see below), so it
should appear upstream in the next few days.

https://lore.kernel.org/linux-wireless/10230673-8dbe-bf67-ba76-9f8cdc35faf3 () gmail com/T/#u