GSD-2023-47233

Vulnerability from gsd - Updated: 2023-12-13 01:20
Details
The brcm80211 component in the Linux kernel through 6.5.10 has a brcmf_cfg80211_detach use-after-free in the device unplugging (disconnect the USB by hotplug) code. For physically proximate attackers with local access, this "could be exploited in a real world scenario." This is related to brcmf_cfg80211_escan_timeout_worker in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c.
Aliases
Aliases
CVE-2023-47233
To clipboard 

{
  "GSD": {
    "alias": "CVE-2023-47233",
    "id": "GSD-2023-47233"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2023-47233"
      ],
      "details": "The brcm80211 component in the Linux kernel through 6.5.10 has a brcmf_cfg80211_detach use-after-free in the device unplugging (disconnect the USB by hotplug) code. For physically proximate attackers with local access, this \"could be exploited in a real world scenario.\" This is related to brcmf_cfg80211_escan_timeout_worker in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c.",
      "id": "GSD-2023-47233",
      "modified": "2023-12-13T01:20:51.656022Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2023-47233",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The brcm80211 component in the Linux kernel through 6.5.10 has a brcmf_cfg80211_detach use-after-free in the device unplugging (disconnect the USB by hotplug) code. For physically proximate attackers with local access, this \"could be exploited in a real world scenario.\" This is related to brcmf_cfg80211_escan_timeout_worker in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://bugzilla.suse.com/show_bug.cgi?id=1216702",
            "refsource": "MISC",
            "url": "https://bugzilla.suse.com/show_bug.cgi?id=1216702"
          },
          {
            "name": "https://marc.info/?l=linux-kernel\u0026m=169907678011243\u0026w=2",
            "refsource": "MISC",
            "url": "https://marc.info/?l=linux-kernel\u0026m=169907678011243\u0026w=2"
          },
          {
            "name": "https://lore.kernel.org/all/20231104054709.716585-1-zyytlz.wz@163.com/",
            "refsource": "MISC",
            "url": "https://lore.kernel.org/all/20231104054709.716585-1-zyytlz.wz@163.com/"
          },
          {
            "name": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0f7352557a35ab7888bc7831411ec8a3cbe20d78",
            "refsource": "MISC",
            "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0f7352557a35ab7888bc7831411ec8a3cbe20d78"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "cve": {
        "configurations": [
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "ABB24C31-995D-4727-BA04-FF43EAFB2CF4",
                    "versionEndIncluding": "6.5.10",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          }
        ],
        "descriptions": [
          {
            "lang": "en",
            "value": "The brcm80211 component in the Linux kernel through 6.5.10 has a brcmf_cfg80211_detach use-after-free in the device unplugging (disconnect the USB by hotplug) code. For physically proximate attackers with local access, this \"could be exploited in a real world scenario.\" This is related to brcmf_cfg80211_escan_timeout_worker in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c."
          },
          {
            "lang": "es",
            "value": "El componente brcm80211 en el kernel de Linux hasta 6.5.10 tiene un c\u00f3digo brcmf_cfg80211_detach use after free en el c\u00f3digo de desconexi\u00f3n del dispositivo (desconectar el USB mediante conexi\u00f3n en caliente). Para los atacantes f\u00edsicamente pr\u00f3ximos con acceso local, esto \"podr\u00eda explotarse en un escenario del mundo real\". Esto est\u00e1 relacionado con brcmf_cfg80211_escan_timeout_worker en drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c."
          }
        ],
        "id": "CVE-2023-47233",
        "lastModified": "2024-03-25T01:15:54.803",
        "metrics": {
          "cvssMetricV31": [
            {
              "cvssData": {
                "attackComplexity": "LOW",
                "attackVector": "PHYSICAL",
                "availabilityImpact": "HIGH",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "exploitabilityScore": 0.7,
              "impactScore": 3.6,
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        },
        "published": "2023-11-03T21:15:17.360",
        "references": [
          {
            "source": "cve@mitre.org",
            "tags": [
              "Issue Tracking",
              "Third Party Advisory"
            ],
            "url": "https://bugzilla.suse.com/show_bug.cgi?id=1216702"
          },
          {
            "source": "cve@mitre.org",
            "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0f7352557a35ab7888bc7831411ec8a3cbe20d78"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Mailing List",
              "Patch"
            ],
            "url": "https://lore.kernel.org/all/20231104054709.716585-1-zyytlz.wz%40163.com/"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Mailing List",
              "Patch"
            ],
            "url": "https://marc.info/?l=linux-kernel\u0026m=169907678011243\u0026w=2"
          }
        ],
        "sourceIdentifier": "cve@mitre.org",
        "vulnStatus": "Modified",
        "weaknesses": [
          {
            "description": [
              {
                "lang": "en",
                "value": "CWE-416"
              }
            ],
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ]
      }
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.