CVE-2016-8658 - OpenCVE

Stack-based buffer overflow in the brcmf_cfg80211_start_ap function in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux kernel before 4.7.5 allows local users to cause a denial of service (system crash) or possibly have unspecified other impact via a long SSID Information Element in a command to a Netlink socket.

No CVSS v4.0

No CVSS v3.1

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact Complete

AV:L/AC:L/Au:N/C:N/I:P/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Linux	Linux Kernel

Configuration 1 [-]

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ded89912156b1a47d940a0c954c43afbabd0c42c
http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.7.5
http://www.openwall.com/lists/oss-security/2016/10/13/1
http://www.securityfocus.com/bid/93541
http://www.ubuntu.com/usn/USN-3145-1
http://www.ubuntu.com/usn/USN-3145-2
http://www.ubuntu.com/usn/USN-3146-1
http://www.ubuntu.com/usn/USN-3146-2
https://bugzilla.redhat.com/show_bug.cgi?id=1384403
https://github.com/torvalds/linux/commit/ded89912156b1a47d940a0c954c43afbabd0c42c
https://nvd.nist.gov/vuln/detail/CVE-2016-8658
https://www.cve.org/CVERecord?id=CVE-2016-8658

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2016-10-16T21:00:00

Updated: 2024-08-06T02:27:41.301Z

Reserved: 2016-10-13T00:00:00

Link: CVE-2016-8658

Vulnrichment

No data.

NVD

Status : Modified

Published: 2016-10-16T21:59:13.147

Modified: 2017-01-07T03:00:43.790

Link: CVE-2016-8658

Redhat

Severity : Low

Publid Date: 2016-09-07T00:00:00Z

Links: CVE-2016-8658 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2016-09-07T00:00:00", "descriptions": [{"lang": "en", "value": "Stack-based buffer overflow in the brcmf_cfg80211_start_ap function in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux kernel before 4.7.5 allows local users to cause a denial of service (system crash) or possibly have unspecified other impact via a long SSID Information Element in a command to a Netlink socket."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-01-04T21:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "USN-3146-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-3146-2"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/torvalds/linux/commit/ded89912156b1a47d940a0c954c43afbabd0c42c"}, {"name": "USN-3146-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-3146-1"}, {"name": "USN-3145-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-3145-1"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ded89912156b1a47d940a0c954c43afbabd0c42c"}, {"name": "[oss-security] 20161013 Re: CVE Request -- Broadcom Wifi Driver Brcmfmac brcmf_cfg80211_start_ap Buffer Overflow", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2016/10/13/1"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1384403"}, {"name": "USN-3145-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-3145-2"}, {"name": "93541", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/93541"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.7.5"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-8658", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Stack-based buffer overflow in the brcmf_cfg80211_start_ap function in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux kernel before 4.7.5 allows local users to cause a denial of service (system crash) or possibly have unspecified other impact via a long SSID Information Element in a command to a Netlink socket."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "USN-3146-2", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-3146-2"}, {"name": "https://github.com/torvalds/linux/commit/ded89912156b1a47d940a0c954c43afbabd0c42c", "refsource": "CONFIRM", "url": "https://github.com/torvalds/linux/commit/ded89912156b1a47d940a0c954c43afbabd0c42c"}, {"name": "USN-3146-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-3146-1"}, {"name": "USN-3145-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-3145-1"}, {"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ded89912156b1a47d940a0c954c43afbabd0c42c", "refsource": "CONFIRM", "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ded89912156b1a47d940a0c954c43afbabd0c42c"}, {"name": "[oss-security] 20161013 Re: CVE Request -- Broadcom Wifi Driver Brcmfmac brcmf_cfg80211_start_ap Buffer Overflow", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2016/10/13/1"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1384403", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1384403"}, {"name": "USN-3145-2", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-3145-2"}, {"name": "93541", "refsource": "BID", "url": "http://www.securityfocus.com/bid/93541"}, {"name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.7.5", "refsource": "CONFIRM", "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.7.5"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T02:27:41.301Z"}, "title": "CVE Program Container", "references": [{"name": "USN-3146-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-3146-2"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/torvalds/linux/commit/ded89912156b1a47d940a0c954c43afbabd0c42c"}, {"name": "USN-3146-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-3146-1"}, {"name": "USN-3145-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-3145-1"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ded89912156b1a47d940a0c954c43afbabd0c42c"}, {"name": "[oss-security] 20161013 Re: CVE Request -- Broadcom Wifi Driver Brcmfmac brcmf_cfg80211_start_ap Buffer Overflow", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2016/10/13/1"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1384403"}, {"name": "USN-3145-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-3145-2"}, {"name": "93541", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/93541"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.7.5"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-8658", "datePublished": "2016-10-16T21:00:00", "dateReserved": "2016-10-13T00:00:00", "dateUpdated": "2024-08-06T02:27:41.301Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "4C613BBC-9849-4519-86AE-ECB4BBC32BD7", "versionEndIncluding": "4.7.4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Stack-based buffer overflow in the brcmf_cfg80211_start_ap function in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux kernel before 4.7.5 allows local users to cause a denial of service (system crash) or possibly have unspecified other impact via a long SSID Information Element in a command to a Netlink socket."}, {"lang": "es", "value": "Desbordamiento de b\u00fafer basado en pila en la funci\u00f3n brcmf_cfg80211_start_ap en drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c en el kernel de Linux en versiones anteriores a 4.7.5 permite a usuarios locales provocar una denegaci\u00f3n de servicio (ca\u00edda de sistema) o tener otro posible impacto no especificado a trav\u00e9s de un SSID Information Element largo en un comando a un socket Netlink."}], "id": "CVE-2016-8658", "lastModified": "2017-01-07T03:00:43.790", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 5.6, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 7.8, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 4.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-10-16T21:59:13.147", "references": [{"source": "cve@mitre.org", "tags": ["Issue Tracking", "Patch"], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ded89912156b1a47d940a0c954c43afbabd0c42c"}, {"source": "cve@mitre.org", "tags": ["Release Notes"], "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.7.5"}, {"source": "cve@mitre.org", "tags": ["Mailing List"], "url": "http://www.openwall.com/lists/oss-security/2016/10/13/1"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/93541"}, {"source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/USN-3145-1"}, {"source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/USN-3145-2"}, {"source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/USN-3146-1"}, {"source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/USN-3146-2"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1384403"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Patch"], "url": "https://github.com/torvalds/linux/commit/ded89912156b1a47d940a0c954c43afbabd0c42c"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: Stack buffer overflow in brcmf_cfg80211_start_ap", "id": "1384403", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1384403"}, "csaw": false, "cvss": {"cvss_base_score": "5.4", "cvss_scoring_vector": "AV:L/AC:M/Au:N/C:N/I:P/A:C", "status": "draft"}, "cvss3": {"cvss3_base_score": "6.1", "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H", "status": "draft"}, "cwe": "CWE-121", "details": ["Stack-based buffer overflow in the brcmf_cfg80211_start_ap function in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux kernel before 4.7.5 allows local users to cause a denial of service (system crash) or possibly have unspecified other impact via a long SSID Information Element in a command to a Netlink socket.", "Stack-based buffer overflow in the brcmf_cfg80211_start_ap() function in 'drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c' in the Linux kernel before 4.7.5 allows local users to cause a denial of service (system crash) or possibly have unspecified other impact via a long SSID Information Element in a command to a Netlink socket."], "name": "CVE-2016-8658", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/a:redhat:enterprise_mrg:2", "fix_state": "Will not fix", "package_name": "realtime-kernel", "product_name": "Red Hat Enterprise MRG 2"}], "public_date": "2016-09-07T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2016-8658\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-8658"], "statement": "This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, 6, as the code with the flaw is not present in the products listed.\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 7 and Red Hat Enterprise MRG-2. This has been rated as having Low security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.", "threat_severity": "Low"}