Re: CVE-2022-3628: A USB-accessible buffer overflow in Linux kernel driver

[Demi Marie Obenour <demi () invisiblethingslab com>]

On Sat, Oct 29, 2022 at 05:33:21PM +0900, Dokyung Song wrote:
> === Description ===
>
> An intra-object buffer overflow was found in brcmfmac (an upstream
> Broadcom's USB Wi-Fi driver), which can be triggered by a malicious USB
> device.
>
> As the object where the overflow could occur contains multiple function
> pointers (e.g., bus_reset.func), with knowledge of the code layout (i.e.,
> KASLR needs bypassing) the vulnerability could potentially be exploited by
> an attacker who controls USB messages. Without knowledge of the code
> layout, the consequence is a DoS.

Can this be exploited by means of e.g. partial function pointer
overwrites without having to bypass KASLR?
-- 
Sincerely,
Demi Marie Obenour (she/her/hers)
Invisible Things Lab

Attachment: signature.asc
Description: