oss-sec mailing list archives
CVE-2022-3628: A USB-accessible buffer overflow in Linux kernel driver
From: Dokyung Song <dokyungs () yonsei ac kr>
Date: Sat, 29 Oct 2022 17:33:21 +0900
=== Description === An intra-object buffer overflow was found in brcmfmac (an upstream Broadcom's USB Wi-Fi driver), which can be triggered by a malicious USB device. As the object where the overflow could occur contains multiple function pointers (e.g., bus_reset.func), with knowledge of the code layout (i.e., KASLR needs bypassing) the vulnerability could potentially be exploited by an attacker who controls USB messages. Without knowledge of the code layout, the consequence is a DoS. This vulnerability was assigned CVE-2022-3628. === Fix === A fix has been successfully reviewed by the maintainer (see below), so it should appear upstream in the next few days. https://lore.kernel.org/linux-wireless/10230673-8dbe-bf67-ba76-9f8cdc35faf3 () gmail com/T/#u
Current thread:
- CVE-2022-3628: A USB-accessible buffer overflow in Linux kernel driver Dokyung Song (Oct 29)
- Re: CVE-2022-3628: A USB-accessible buffer overflow in Linux kernel driver Demi Marie Obenour (Oct 29)