oss-sec mailing list archives
Re: CVE-2022-3628: A USB-accessible buffer overflow in Linux kernel driver
From: Demi Marie Obenour <demi () invisiblethingslab com>
Date: Sat, 29 Oct 2022 15:40:42 -0400
On Sat, Oct 29, 2022 at 05:33:21PM +0900, Dokyung Song wrote:
=== Description === An intra-object buffer overflow was found in brcmfmac (an upstream Broadcom's USB Wi-Fi driver), which can be triggered by a malicious USB device. As the object where the overflow could occur contains multiple function pointers (e.g., bus_reset.func), with knowledge of the code layout (i.e., KASLR needs bypassing) the vulnerability could potentially be exploited by an attacker who controls USB messages. Without knowledge of the code layout, the consequence is a DoS.
Can this be exploited by means of e.g. partial function pointer overwrites without having to bypass KASLR? -- Sincerely, Demi Marie Obenour (she/her/hers) Invisible Things Lab
Attachment:
signature.asc
Description:
Current thread:
- CVE-2022-3628: A USB-accessible buffer overflow in Linux kernel driver Dokyung Song (Oct 29)
- Re: CVE-2022-3628: A USB-accessible buffer overflow in Linux kernel driver Demi Marie Obenour (Oct 29)