mirror of
https://github.com/0xMarcio/cve.git
synced 2025-05-28 01:04:30 +00:00
2.3 KiB
2.3 KiB
CVE-2019-9500
Description
The Broadcom brcmfmac WiFi driver prior to commit 1b5e2423164b3670e8bc9174e4762d297990deff is vulnerable to a heap buffer overflow. If the Wake-up on Wireless LAN functionality is configured, a malicious event frame can be constructed to trigger an heap buffer overflow in the brcmf_wowl_nd_results function. This vulnerability can be exploited with compromised chipsets to compromise the host, or when used in combination with CVE-2019-9503, can be used remotely. In the worst case scenario, by sending specially-crafted WiFi packets, a remote, unauthenticated attacker may be able to execute arbitrary code on a vulnerable system. More typically, this vulnerability will result in denial-of-service conditions.
POC
Reference
- https://blog.quarkslab.com/reverse-engineering-broadcom-wireless-chipsets.html
- https://blog.quarkslab.com/reverse-engineering-broadcom-wireless-chipsets.html
- https://kb.cert.org/vuls/id/166939/
- https://kb.cert.org/vuls/id/166939/
Github
- https://github.com/0xT11/CVE-POC
- https://github.com/ARPSyndicate/cvemon
- https://github.com/developer3000S/PoC-in-GitHub
- https://github.com/hectorgie/PoC-in-GitHub
- https://github.com/kdn111/linux-kernel-exploitation
- https://github.com/khanhdn111/linux-kernel-exploitation
- https://github.com/khanhdz-06/linux-kernel-exploitation
- https://github.com/khanhdz191/linux-kernel-exploitation
- https://github.com/khanhhdz/linux-kernel-exploitation
- https://github.com/khanhhdz06/linux-kernel-exploitation
- https://github.com/khanhnd123/linux-kernel-exploitation
- https://github.com/knd06/linux-kernel-exploitation
- https://github.com/lnick2023/nicenice
- https://github.com/ndk191/linux-kernel-exploitation
- https://github.com/qazbnm456/awesome-cve-poc
- https://github.com/ssr-111/linux-kernel-exploitation
- https://github.com/xairy/linux-kernel-exploitation
- https://github.com/xbl3/awesome-cve-poc_qazbnm456