Updated: 2025-03-06 19:36:56.593099
Description:
The brcm80211 component in the Linux kernel through 6.5.10 has a brcmf_cfg80211_detach use-after-free in the device unplugging (disconnect the USB by hotplug) code. For physically proximate attackers with local access, this "could be exploited in a real world scenario." This is related to brcmf_cfg80211_escan_timeout_worker in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c.
| Links | NIST | CIRCL | RHEL | Ubuntu |
| Severity | Score | |
|---|---|---|
| CVSS Version 2.x | 0 | |
| CVSS Version 3.x | MEDIUM | 4.3 |
| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
|---|---|---|---|---|---|---|---|---|
| AlmaLinux 9.2 ESU | kernel | 5.14.0 | 4.3 | MEDIUM | Ignored | 2023-11-21 04:11:41 | ||
| CentOS 6 ELS | kernel | 2.6.32 | 4.3 | MEDIUM | Ignored | 2023-11-16 02:30:06 | ||
| CentOS 7 ELS | kernel | 3.10.0 | 4.3 | MEDIUM | Ignored | 2023-11-16 02:30:06 | ||
| CentOS 8.4 ELS | kernel | 4.18.0 | 4.3 | MEDIUM | Ignored | 2023-11-16 02:30:06 | ||
| CentOS 8.5 ELS | kernel | 4.18.0 | 4.3 | MEDIUM | Ignored | 2023-11-16 02:30:06 | ||
| CloudLinux 6 ELS | kernel | 2.6.32 | 4.3 | MEDIUM | Ignored | 2023-11-16 02:30:06 | ||
| Oracle Linux 6 ELS | kernel | 2.6.32 | 4.3 | MEDIUM | Ignored | 2023-11-16 04:08:04 | ||
| Ubuntu 16.04 ELS | linux-hwe | 4.15.0 | 4.3 | MEDIUM | Released | CLSA-2024:1716270851 | 2024-05-21 05:42:53 | |
| Ubuntu 16.04 ELS | linux | 4.4.0 | 4.3 | MEDIUM | Released | CLSA-2024:1716269479 | 2024-05-21 05:42:49 | |
| Ubuntu 18.04 ELS | linux | 4.15.0 | 4.3 | MEDIUM | Released | CLSA-2024:1716270232 | 2024-05-21 05:42:52 |