{ "id": "CVE-2023-47233", "sourceIdentifier": "cve@mitre.org", "published": "2023-11-03T21:15:17.360", "lastModified": "2024-06-27T13:15:52.623", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The brcm80211 component in the Linux kernel through 6.5.10 has a brcmf_cfg80211_detach use-after-free in the device unplugging (disconnect the USB by hotplug) code. For physically proximate attackers with local access, this \"could be exploited in a real world scenario.\" This is related to brcmf_cfg80211_escan_timeout_worker in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c." }, { "lang": "es", "value": "El componente brcm80211 en el kernel de Linux hasta 6.5.10 tiene un use-after-free en brcmf_cfg80211_detach en el c\u00f3digo de desconexi\u00f3n del dispositivo (desconectar el USB mediante conexi\u00f3n en caliente). Para los atacantes f\u00edsicamente pr\u00f3ximos con acceso local, esto \"podr\u00eda explotarse en un escenario del mundo real\". Esto est\u00e1 relacionado con brcmf_cfg80211_escan_timeout_worker en drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c." 
} ], "metrics": { "cvssMetricV31": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "attackVector": "PHYSICAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 4.3, "baseSeverity": "MEDIUM" }, "exploitabilityScore": 0.7, "impactScore": 3.6 } ] }, "weaknesses": [ { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-416" } ] } ], "configurations": [ { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndIncluding": "6.5.10", "matchCriteriaId": "ABB24C31-995D-4727-BA04-FF43EAFB2CF4" } ] } ] } ], "references": [ { "url": "https://bugzilla.suse.com/show_bug.cgi?id=1216702", "source": "cve@mitre.org", "tags": [ "Issue Tracking", "Third Party Advisory" ] }, { "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0f7352557a35ab7888bc7831411ec8a3cbe20d78", "source": "cve@mitre.org" }, { "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html", "source": "cve@mitre.org" }, { "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html", "source": "cve@mitre.org" }, { "url": "https://lore.kernel.org/all/20231104054709.716585-1-zyytlz.wz%40163.com/", "source": "cve@mitre.org", "tags": [ "Mailing List", "Patch" ] }, { "url": "https://marc.info/?l=linux-kernel&m=169907678011243&w=2", "source": "cve@mitre.org", "tags": [ "Mailing List", "Patch" ] } ] }