nvd-json-data-feeds/CVE-2024/CVE-2024-358xx/CVE-2024-35811.json

{
  "id": "CVE-2024-35811",
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "published": "2024-05-17T14:15:15.177",
  "lastModified": "2024-06-27T13:15:58.970",
  "vulnStatus": "Awaiting Analysis",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: brcmfmac: Fix use-after-free bug in brcmf_cfg80211_detach\n\nThis is the candidate patch of CVE-2023-47233 :\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-47233\n\nIn brcm80211 driver,it starts with the following invoking chain\nto start init a timeout worker:\n\n->brcmf_usb_probe\n  ->brcmf_usb_probe_cb\n    ->brcmf_attach\n      ->brcmf_bus_started\n        ->brcmf_cfg80211_attach\n          ->wl_init_priv\n            ->brcmf_init_escan\n              ->INIT_WORK(&cfg->escan_timeout_work,\n\t\t  brcmf_cfg80211_escan_timeout_worker);\n\nIf we disconnect the USB by hotplug, it will call\nbrcmf_usb_disconnect to make cleanup. The invoking chain is :\n\nbrcmf_usb_disconnect\n  ->brcmf_usb_disconnect_cb\n    ->brcmf_detach\n      ->brcmf_cfg80211_detach\n        ->kfree(cfg);\n\nWhile the timeout woker may still be running. This will cause\na use-after-free bug on cfg in brcmf_cfg80211_escan_timeout_worker.\n\nFix it by deleting the timer and canceling the worker in\nbrcmf_cfg80211_detach.\n\n[arend.vanspriel@broadcom.com: keep timer delete as is and cancel work just before free]"
    },
    {
      "lang": "es",
      "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: wifi: brcmfmac: corregido el error de use after free en brcmf_cfg80211_detach Este es el parche candidato de CVE-2023-47233: https://nvd.nist.gov/vuln/detail /CVE-2023-47233 En el controlador brcm80211, comienza con la siguiente cadena de invocaci\u00f3n para iniciar un trabajador de tiempo de espera: -&gt;brcmf_usb_probe -&gt;brcmf_usb_probe_cb -&gt;brcmf_attach -&gt;brcmf_bus_started -&gt;brcmf_cfg80211_attach -&gt;wl_init_priv -&gt;brcmf_init_escan -&gt;INIT_WORK(&amp;cfg -&gt;escan_timeout_work, brcmf_cfg80211_escan_timeout_worker); Si desconectamos el USB mediante hotplug, llamar\u00e1 a brcmf_usb_disconnect para realizar la limpieza. La cadena de invocaci\u00f3n es: brcmf_usb_disconnect -&gt;brcmf_usb_disconnect_cb -&gt;brcmf_detach -&gt;brcmf_cfg80211_detach -&gt;kfree(cfg); Mientras que el activador de tiempo de espera a\u00fan puede estar ejecut\u00e1ndose. Esto provocar\u00e1 un error de use after free en cfg en brcmf_cfg80211_escan_timeout_worker. Soluci\u00f3nelo eliminando el temporizador y cancelando el trabajador en brcmf_cfg80211_detach. [arend.vanspriel@broadcom.com: mantenga la eliminaci\u00f3n del temporizador tal como est\u00e1 y cancele el trabajo justo antes de liberarlo]"
    }
  ],
  "metrics": {},
  "references": [
    {
      "url": "https://git.kernel.org/stable/c/0a7591e14a8da794d0b93b5d1c6254ccb23adacb",
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
    },
    {
      "url": "https://git.kernel.org/stable/c/0b812f706fd7090be74812101114a0e165b36744",
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
    },
    {
      "url": "https://git.kernel.org/stable/c/0f7352557a35ab7888bc7831411ec8a3cbe20d78",
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
    },
    {
      "url": "https://git.kernel.org/stable/c/190794848e2b9d15de92d502b6ac652806904f5a",
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
    },
    {
      "url": "https://git.kernel.org/stable/c/202c503935042272e2f9e1bb549d5f69a8681169",
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
    },
    {
      "url": "https://git.kernel.org/stable/c/6678a1e7d896c00030b31491690e8ddc9a90767a",
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
    },
    {
      "url": "https://git.kernel.org/stable/c/8c36205123dc57349b59b4f1a2301eb278cbc731",
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
    },
    {
      "url": "https://git.kernel.org/stable/c/8e3f03f4ef7c36091f46e7349096efb5a2cdb3a1",
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
    },
    {
      "url": "https://git.kernel.org/stable/c/bacb8c3ab86dcd760c15903fcee58169bc3026aa",
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
    },
    {
      "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html",
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
    },
    {
      "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html",
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
    }
  ]
}
Auto-Update: 2024-05-17T16:00:40.407829+00:00 2024-05-17 16:03:32 +00:00			`{`
			`"id": "CVE-2024-35811",`
			`"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",`
			`"published": "2024-05-17T14:15:15.177",`
Auto-Update: 2024-06-27T14:00:19.731170+00:00 2024-06-27 14:03:13 +00:00			`"lastModified": "2024-06-27T13:15:58.970",`
Auto-Update: 2024-05-17T20:00:39.166471+00:00 2024-05-17 20:03:31 +00:00			`"vulnStatus": "Awaiting Analysis",`
Auto-Update: 2024-07-14T02:00:17.787041+00:00 2024-07-14 02:06:08 +00:00			`"cveTags": [],`
Auto-Update: 2024-05-17T16:00:40.407829+00:00 2024-05-17 16:03:32 +00:00			`"descriptions": [`
			`{`
			`"lang": "en",`
			"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: brcmfmac: Fix use-after-free bug in brcmf_cfg80211_detach\n\nThis is the candidate patch of CVE-2023-47233 :\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-47233\n\nIn brcm80211 driver,it starts with the following invoking chain\nto start init a timeout worker:\n\n->brcmf_usb_probe\n ->brcmf_usb_probe_cb\n ->brcmf_attach\n ->brcmf_bus_started\n ->brcmf_cfg80211_attach\n ->wl_init_priv\n ->brcmf_init_escan\n ->INIT_WORK(&cfg->escan_timeout_work,\n\t\t brcmf_cfg80211_escan_timeout_worker);\n\nIf we disconnect the USB by hotplug, it will call\nbrcmf_usb_disconnect to make cleanup. The invoking chain is :\n\nbrcmf_usb_disconnect\n ->brcmf_usb_disconnect_cb\n ->brcmf_detach\n ->brcmf_cfg80211_detach\n ->kfree(cfg);\n\nWhile the timeout woker may still be running. This will cause\na use-after-free bug on cfg in brcmf_cfg80211_escan_timeout_worker.\n\nFix it by deleting the timer and canceling the worker in\nbrcmf_cfg80211_detach.\n\n[arend.vanspriel@broadcom.com: keep timer delete as is and cancel work just before free]"
Auto-Update: 2024-05-26T02:00:29.531128+00:00 2024-05-26 02:03:22 +00:00			`},`
			`{`
			`"lang": "es",`
			"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: wifi: brcmfmac: corregido el error de use after free en brcmf_cfg80211_detach Este es el parche candidato de CVE-2023-47233: https://nvd.nist.gov/vuln/detail /CVE-2023-47233 En el controlador brcm80211, comienza con la siguiente cadena de invocaci\u00f3n para iniciar un trabajador de tiempo de espera: ->brcmf_usb_probe ->brcmf_usb_probe_cb ->brcmf_attach ->brcmf_bus_started ->brcmf_cfg80211_attach ->wl_init_priv ->brcmf_init_escan ->INIT_WORK(&cfg ->escan_timeout_work, brcmf_cfg80211_escan_timeout_worker); Si desconectamos el USB mediante hotplug, llamar\u00e1 a brcmf_usb_disconnect para realizar la limpieza. La cadena de invocaci\u00f3n es: brcmf_usb_disconnect ->brcmf_usb_disconnect_cb ->brcmf_detach ->brcmf_cfg80211_detach ->kfree(cfg); Mientras que el activador de tiempo de espera a\u00fan puede estar ejecut\u00e1ndose. Esto provocar\u00e1 un error de use after free en cfg en brcmf_cfg80211_escan_timeout_worker. Soluci\u00f3nelo eliminando el temporizador y cancelando el trabajador en brcmf_cfg80211_detach. [arend.vanspriel@broadcom.com: mantenga la eliminaci\u00f3n del temporizador tal como est\u00e1 y cancele el trabajo justo antes de liberarlo]"
Auto-Update: 2024-05-17T16:00:40.407829+00:00 2024-05-17 16:03:32 +00:00			`}`
			`],`
			`"metrics": {},`
			`"references": [`
			`{`
			`"url": "https://git.kernel.org/stable/c/0a7591e14a8da794d0b93b5d1c6254ccb23adacb",`
			`"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"`
			`},`
			`{`
			`"url": "https://git.kernel.org/stable/c/0b812f706fd7090be74812101114a0e165b36744",`
			`"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"`
			`},`
			`{`
			`"url": "https://git.kernel.org/stable/c/0f7352557a35ab7888bc7831411ec8a3cbe20d78",`
			`"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"`
			`},`
			`{`
			`"url": "https://git.kernel.org/stable/c/190794848e2b9d15de92d502b6ac652806904f5a",`
			`"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"`
			`},`
			`{`
			`"url": "https://git.kernel.org/stable/c/202c503935042272e2f9e1bb549d5f69a8681169",`
			`"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"`
			`},`
			`{`
			`"url": "https://git.kernel.org/stable/c/6678a1e7d896c00030b31491690e8ddc9a90767a",`
			`"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"`
			`},`
			`{`
			`"url": "https://git.kernel.org/stable/c/8c36205123dc57349b59b4f1a2301eb278cbc731",`
			`"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"`
			`},`
			`{`
			`"url": "https://git.kernel.org/stable/c/8e3f03f4ef7c36091f46e7349096efb5a2cdb3a1",`
			`"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"`
			`},`
			`{`
			`"url": "https://git.kernel.org/stable/c/bacb8c3ab86dcd760c15903fcee58169bc3026aa",`
			`"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"`
Auto-Update: 2024-06-25T23:55:18.952619+00:00 2024-06-25 23:58:14 +00:00			`},`
			`{`
			`"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html",`
			`"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"`
Auto-Update: 2024-06-27T14:00:19.731170+00:00 2024-06-27 14:03:13 +00:00			`},`
			`{`
			`"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html",`
			`"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"`
Auto-Update: 2024-05-17T16:00:40.407829+00:00 2024-05-17 16:03:32 +00:00			`}`
			`]`
			`}`