CVE-2019-9503: Broadcom brcmfmac driver is vulnerable to a frame validation bypass
First published: Tue Feb 19 2019(Updated: )
If the brcmfmac driver receives a firmware event frame from a remote source, the is_wlc_event_frame function will cause this frame to be discarded and not be processed. If the driver receives the firmware event frame from the host, the appropriate handler is called. This frame validation can be bypassed if the bus used is USB (for instance by a WiFi dongle). This can allow firmware event frames from a remote source to be processed and this can result in denial of service (DoS) condition.
Credit: cret@cert.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/kernel-rt | <0:3.10.0-1127.rt56.1093.el7 | 0:3.10.0-1127.rt56.1093.el7 |
| redhat/kernel | <0:3.10.0-1127.el7 | 0:3.10.0-1127.el7 |
| redhat/kernel | <0:3.10.0-1062.26.1.el7 | 0:3.10.0-1062.26.1.el7 |
| redhat/kernel-rt | <0:4.18.0-80.11.1.rt9.156.el8_0 | 0:4.18.0-80.11.1.rt9.156.el8_0 |
| redhat/kernel | <0:4.18.0-80.11.1.el8_0 | 0:4.18.0-80.11.1.el8_0 |
| IBM Data Risk Manager | <=2.0.6 | |
| Broadcom brcmfmac driver | ||
| Red Hat Enterprise Linux | =6.0 | |
| Red Hat Enterprise Linux | =7.0 | |
| debian/linux | 5.10.223-1 5.10.226-1 6.1.123-1 6.1.128-1 6.12.12-1 6.12.15-1 |
Remedy
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a4176ec356c73a46c07c181c6d04039fafa34a9f
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.cve.org/CVERecord?id=CVE-2019-9503 https://nvd.nist.gov/vuln/detail/CVE-2019-9503 https://blog.quarkslab.com/reverse-engineering-broadcom-wireless-chipsets.html#cve-2019-9503-remotely-sending-firmware-events-bypassing-is-wlc-event-frame https://kb.cert.org/vuls/id/166939/ https://www.bleepingcomputer.com/news/security/broadcom-wifi-driver-flaws-expose-computers-phones-iot-to-rce-attacks/
- https://bugzilla.redhat.com/show_bug.cgi?id=1701842
- https://access.redhat.com/errata/RHSA-2020:1070
- https://access.redhat.com/errata/RHSA-2020:1016
- https://access.redhat.com/errata/RHSA-2020:2522
- https://access.redhat.com/errata/RHSA-2019:2741
- https://access.redhat.com/errata/RHSA-2019:2703
- https://access.redhat.com/security/cve/CVE-2019-9503
- https://blog.quarkslab.com/reverse-engineering-broadcom-wireless-chipsets.html
- https://bugzilla.suse.com/show_bug.cgi?id=1132828
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a4176ec356c73a46c07c181c6d04039fafa34a9f
- https://kb.cert.org/vuls/id/166939/
- https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-9503.html
- https://security-tracker.debian.org/tracker/CVE-2019-9503
- https://launchpad.net/bugs/cve/CVE-2019-9503
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=5b435de0d786869c95d1962121af0d7df2542009
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=a4176ec356c73a46c07c181c6d04039fafa34a9f
- https://blog.quarkslab.com/reverse-engineering-broadcom-wireless-chipsets.html#cve-2019-9503-remotely-sending-firmware-events-bypassing-is-wlc-event-frame
- https://www.bleepingcomputer.com/news/security/broadcom-wifi-driver-flaws-expose-computers-phones-iot-to-rce-attacks/
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1701843
- https://access.redhat.com/security/cve/CVE-2019-8564
- https://access.redhat.com/security/cve/cve-2019-9503
- https://exchange.xforce.ibmcloud.com/vulnerabilities/159643
- https://www.ibm.com/support/pages/node/6335281 (Advisory)
- https://git.kernel.org/linus/a4176ec356c73a46c07c181c6d04039fafa34a9f
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9503
- https://nvd.nist.gov/vuln/detail/CVE-2019-9503
- https://ubuntu.com/security/CVE-2019-9503
Parent vulnerabilities
(Appears in the following advisories)
Peer vulnerabilities
(Found alongside the following vulnerabilities)
Frequently Asked Questions
What is the severity of CVE-2019-9503?
CVE-2019-9503 has been classified with a high severity rating due to potential remote code execution risks.
How do I fix CVE-2019-9503?
To mitigate CVE-2019-9503, update the system to the latest kernel version as specified in security advisories.
What systems are affected by CVE-2019-9503?
CVE-2019-9503 affects various versions of the Red Hat Enterprise Linux and specific Broadcom brcmfmac drivers.
Can CVE-2019-9503 lead to data breaches?
Yes, CVE-2019-9503 can potentially allow attackers to execute arbitrary code, which may result in data breaches.
Is there a patch available for CVE-2019-9503?
Yes, patches for CVE-2019-9503 are available through the respective software vendors, including those for Red Hat and IBM products.
- collector/redhat-cve
- agent/type
- agent/first-publish-date
- collector/launchpad-cve
- source/Launchpad
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2019-9503
- agent/weakness
- collector/bleeping-computer
- source/BleepingComputer
- alias/CVE-2019-8564
- alias/CVE-2019-9500
- alias/CVE-2019-9501
- alias/CVE-2019-9502
- collector/ibm-support
- source/IBM
- agent/software-canonical-lookup
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/title
- agent/remedy
- agent/references
- agent/description
- agent/last-modified-date
- collector/usn-cve
- source/Ubuntu
- agent/trending
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup-request
- collector/nvd-index
- agent/source
- agent/tags
- agent/event
- agent/author
- agent/softwarecombine
- agent/news-ai
- collector/security-tracker-debian
- source/Debian
- package-manager/redhat
- vendor/ibm
- canonical/ibm data risk manager
- version/ibm data risk manager/2.0.6
- vendor/broadcom
- canonical/broadcom brcmfmac driver
- vendor/redhat
- canonical/red hat enterprise linux
- version/red hat enterprise linux/6.0
- version/red hat enterprise linux/7.0
- package-manager/debian