Broadcom WiFi chipset drivers were found to contain vulnerabilities that affect multiple operating systems and allow potential attackers to execute arbitrary code remotely and trigger denial of service, according to a DHS/CISA alert and a CERT/CC vulnerability note.
Quarkslab’s intern Hugues Anguelkov was the one who reported five vulnerabilities he found in the “Broadcom wl driver and the open-source brcmfmac driver for Broadcom WiFi chipsets” while reverse engineering and fuzzing Broadcom WiFi chip firmware.
As he observed, “The Broadcom wl driver is susceptible to heap buffer overflows, and the open-source brcmfmac driver is vulnerable to a frame validation bypass and a heap buffer overflow.”
The Common Weakness Enumeration database describes heap buffer overflows in the CWE-122 entry, stating that they can cause crashes or put the impacted software into an infinite loop, while also allowing attackers “to execute arbitrary code, that is commonly outside the scope of an application’s implicit security policy” and to bypass security services.
To underline the seriousness of the flaws he found, Anguelkov says in his analysis:
“You can find these chips almost anywhere, from smartphones to laptops, smart TVs, and IoT devices. You may use one without knowing it; for instance, if you have a Dell computer, you may use a bcm43224 or a bcm4352 card. It is likewise likely you use a Broadcom WiFi chip when you have an iPhone, a MacBook, a Samsung phone, or a Huawei phone, and so forth. Since those chips are so widespread, they represent a high-value target to attackers, and any vulnerability found in them should be considered to pose a high risk.”
As the CERT/CC vulnerability note written by Trent Novelly explains, remote and unauthenticated attackers could exploit the Broadcom WiFi chipset driver vulnerabilities by sending maliciously crafted WiFi packets to execute arbitrary code on vulnerable machines. However, as Novelly further details, “More usually, those vulnerabilities will result in denial-of-service attacks.”
This is confirmed by Anguelkov, who stated that “Two of those vulnerabilities are present both in the Linux kernel and firmware of affected Broadcom chips. The most common exploitation scenario results in a remote denial of service. Although it is technically difficult to achieve, exploitation for remote code execution should not be discarded as the worst-case scenario.”
The CERT/CC vulnerability note describes the four brcmfmac and Broadcom wl driver vulnerabilities (tracked as CVE-2019-8564, CVE-2019-9500, CVE-2019-9501, CVE-2019-9502, CVE-2019-9503) as follows: