CVE-2023-47233 - OpenCVE

The brcm80211 component in the Linux kernel through 6.5.10 has a brcmf_cfg80211_detach use-after-free in the device unplugging (disconnect the USB by hotplug) code. For physically proximate attackers with local access, this "could be exploited in a real world scenario." This is related to brcmf_cfg80211_escan_timeout_worker in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c.

No CVSS v4.0

Attack Vector Physical

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Linux	Linux Kernel

Configuration 1 [-]

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://bugzilla.suse.com/show_bug.cgi?id=1216702
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0f7352557a35ab7888bc7831411ec8a3cbe20d78
https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html
https://lore.kernel.org/all/20231104054709.716585-1-zyytlz.wz%40163.com/
https://lore.kernel.org/all/20231104054709.716585-1-zyytlz.wz@163.com/
https://marc.info/?l=linux-kernel&m=169907678011243&w=2
https://nvd.nist.gov/vuln/detail/CVE-2023-47233
https://www.cve.org/CVERecord?id=CVE-2023-47233

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2023-11-03T00:00:00

Updated: 2024-08-02T21:09:35.699Z

Reserved: 2023-11-03T00:00:00

Link: CVE-2023-47233

Vulnrichment

No data.

NVD

Status : Modified

Published: 2023-11-03T21:15:17.360

Modified: 2024-06-27T13:15:52.623

Link: CVE-2023-47233

Redhat

Severity : Low

Publid Date: 2023-11-03T00:00:00Z

Links: CVE-2023-47233 - Bugzilla

{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2023-47233", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-08-02T21:09:35.699Z", "dateReserved": "2023-11-03T00:00:00", "datePublished": "2023-11-03T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-06-27T12:11:46.076791"}, "descriptions": [{"lang": "en", "value": "The brcm80211 component in the Linux kernel through 6.5.10 has a brcmf_cfg80211_detach use-after-free in the device unplugging (disconnect the USB by hotplug) code. For physically proximate attackers with local access, this \"could be exploited in a real world scenario.\" This is related to brcmf_cfg80211_escan_timeout_worker in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://bugzilla.suse.com/show_bug.cgi?id=1216702"}, {"url": "https://marc.info/?l=linux-kernel&m=169907678011243&w=2"}, {"url": "https://lore.kernel.org/all/20231104054709.716585-1-zyytlz.wz%40163.com/"}, {"url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0f7352557a35ab7888bc7831411ec8a3cbe20d78"}, {"name": "[debian-lts-announce] 20240625 [SECURITY] [DLA 3842-1] linux-5.10 security update", "tags": ["mailing-list"], "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"}, {"name": "[debian-lts-announce] 20240627 [SECURITY] [DLA 3840-1] linux security update", "tags": ["mailing-list"], "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T21:09:35.699Z"}, "title": "CVE Program Container", "references": [{"url": "https://bugzilla.suse.com/show_bug.cgi?id=1216702", "tags": ["x_transferred"]}, {"url": "https://marc.info/?l=linux-kernel&m=169907678011243&w=2", "tags": ["x_transferred"]}, {"url": "https://lore.kernel.org/all/20231104054709.716585-1-zyytlz.wz%40163.com/", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0f7352557a35ab7888bc7831411ec8a3cbe20d78", "tags": ["x_transferred"]}, {"name": "[debian-lts-announce] 20240625 [SECURITY] [DLA 3842-1] linux-5.10 security update", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"}, {"name": "[debian-lts-announce] 20240627 [SECURITY] [DLA 3840-1] linux security update", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"}]}]}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "ABB24C31-995D-4727-BA04-FF43EAFB2CF4", "versionEndIncluding": "6.5.10", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The brcm80211 component in the Linux kernel through 6.5.10 has a brcmf_cfg80211_detach use-after-free in the device unplugging (disconnect the USB by hotplug) code. For physically proximate attackers with local access, this \"could be exploited in a real world scenario.\" This is related to brcmf_cfg80211_escan_timeout_worker in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c."}, {"lang": "es", "value": "El componente brcm80211 en el kernel de Linux hasta 6.5.10 tiene un c\u00f3digo brcmf_cfg80211_detach use after free en el c\u00f3digo de desconexi\u00f3n del dispositivo (desconectar el USB mediante conexi\u00f3n en caliente). Para los atacantes f\u00edsicamente pr\u00f3ximos con acceso local, esto \"podr\u00eda explotarse en un escenario del mundo real\". Esto est\u00e1 relacionado con brcmf_cfg80211_escan_timeout_worker en drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c."}], "id": "CVE-2023-47233", "lastModified": "2024-06-27T13:15:52.623", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 0.7, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-11-03T21:15:17.360", "references": [{"source": "cve@mitre.org", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1216702"}, {"source": "cve@mitre.org", "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0f7352557a35ab7888bc7831411ec8a3cbe20d78"}, {"source": "cve@mitre.org", "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"}, {"source": "cve@mitre.org", "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Patch"], "url": "https://lore.kernel.org/all/20231104054709.716585-1-zyytlz.wz%40163.com/"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Patch"], "url": "https://marc.info/?l=linux-kernel&m=169907678011243&w=2"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-416"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: Use after free in brcmf_cfg80211_escan_timeout_worker in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c", "id": "2248430", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2248430"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.3", "cvss3_scoring_vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-416", "details": ["The brcm80211 component in the Linux kernel through 6.5.10 has a brcmf_cfg80211_detach use-after-free in the device unplugging (disconnect the USB by hotplug) code. For physically proximate attackers with local access, this \"could be exploited in a real world scenario.\" This is related to brcmf_cfg80211_escan_timeout_worker in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c.", "A use-after-free issue was found in the brcm80211 component in the Linux kernel, which may be triggered by a physical attacker while disconnecting a device."], "mitigation": {"lang": "en:us", "value": "To mitigate this issue, prevent module brcmfmac from being loaded. Please see https://access.redhat.com/solutions/41278 for how to blacklist a kernel module to prevent it from loading automatically."}, "name": "CVE-2023-47233", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Will not fix", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Will not fix", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2023-11-03T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-47233\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-47233\nhttps://lore.kernel.org/all/20231104054709.716585-1-zyytlz.wz@163.com/"], "statement": "Considered Low impact, because requires physical access to trigger while disconnecting a device and affects availability only.", "threat_severity": "Low"}