Broadcom WiFi chipset drivers were observed to comprise vulnerabilities impacting a couple of working systems and permitting potential attackers to execute arbitrary code remotely and to cause denial-of-carrier in line with a DHS/CISA alert and a CERT/CC vulnerability be aware.
Quarkslab’s intern Hugues Anguelkov turned into the one who mentioned five vulnerabilities he discovered inside the “Broadcom wl driving force and the open-supply brcmfmac driving force for Broadcom WiFi chipsets” even as reversing engineering and fuzzing Broadcom WiFi chips firmware.
As he found, “The Broadcom wl driving force is liable to two heap buffer overflows, and the open-supply brcmfmac driving force is vulnerable to a body validation bypass and a heap buffer overflow.”
Weakness Enumeration database describes heap buffer overflows within the CWE-122 access, stating that they are able to lead to system crashes or the impacted software program going into an endless loop, at the same time as additionally allowing attackers “to execute arbitrary code, which is normally out of doors the scope of a software’s implicit safety coverage” and bypassing protection offerings.
To underline the seriousness of the failings he located, Anguelkov says in his evaluation:
You can identify these chips nearly everywhere from smartphones to laptops, clever-TVs and IoT devices. You probably use one without knowing it, as an instance when you have a Dell computer, you’ll be using a bcm43224 or a bcm4352 card. It is also possible you operate a Broadcom WiFi chip when you have an iPhone, a Mac e-book, a Samsung smartphone or a Huawei cellphone, etc. Since these chips are so giant, they constitute an excessive fee goal to attackers and any vulnerability located in them must be considered to pose extreme danger.
As the CERT/CC vulnerability observe written by Trent Novelly explains, ability remote and unauthenticated attackers may want to make the most the Broadcom WiFi chipset driver vulnerabilities through sending maliciously-crafted WiFi packets to execute arbitrary code on inclined machines. However, as further specified by using Novelly, “More generally, those vulnerabilities will bring about denial-of-provider assaults.”
This is showed via Anguelkov who said that “Two of those vulnerabilities are a gift both in the Linux kernel and firmware of affected Broadcom chips. The most common exploitation situation ends in a far off denial of the provider. Although it is technically tough to gain, exploitation for far-flung code execution ought to no longer be discarded because of the worst-case scenario.”
CERT/CC vulnerability observe describes the four brcmfmac and Broadcom wl drivers vulnerabilities (tracked as CVE-2019-8564, CVE-2019-9500, CVE-2019-9501, CVE-2019-9502, CVE-2019-9503) as follows:
