CVE-2023-1380: Out-of-bounds Read in Kernel

CWE-125: Out-of-bounds Read (26 documents, 8 sources)

Severity: 7.1 HIGH (NVD)
EPSS: 0.0% (top 95.09%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Mar 27; Latest update Oct 30

Description

A slab-out-of-bound read problem was found in brcmf_get_assoc_ies in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux Kernel. This issue could occur when assoc_info->req_len data is bigger than the size of the buffer, defined as WL_EXTRA_BUF_MAX, leading to a denial of service.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Exploitability: 1.8 | Impact: 5.2

Affected Packages (4 packages)

NVD: linux/linux_kernel, 3.2.1 – 4.14.315 (+7)
Debian: linux/linux_kernel, < 5.10.191-1 (+3)
Ubuntu: linux/linux_kernel, < 4.4.0-243.277 (+3)
CVEListV5: linux/linux_kernel, unknown

Also affects: Debian Linux 10.0, 11.0, Ubuntu Linux 14.04, 16.04, 18.04, 20.04, 22.04, Enterprise Linux 8.0, 9.0

Patches

Vulnerability Details (6)

OSV: linux vulnerabilities (2023-10-30)
OSV: Kernel Live Patch Security Notice (2023-07-25)
OSV: linux-oem-6.1 vulnerabilities (2023-06-16)
OSV: CVE-2023-1380: A slab-out-of-bound read problem was found in brcmf_get_assoc_ies in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211 (2023-03-27)
GHSA: GHSA-r255-vm29-9xg5: A slab-out-of-bound read problem was found in brcmf_get_assoc_ies in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211 (2023-03-27)

Vendor Advisories (17)

Ubuntu: Linux kernel vulnerabilities (2023-10-30)
Ubuntu: Linux kernel (OEM) vulnerabilities (2023-09-19)
Ubuntu: Linux kernel (IoT) vulnerabilities (2023-07-27)
Ubuntu: Kernel Live Patch Security Notice (2023-07-25)
Ubuntu: Linux kernel (Xilinx ZynqMP) vulnerabilities (2023-07-12)

Community (1)

Bugzilla: CVE-2023-1380 Kernel: a USB-accessible slab-out-of-bounds read in brcmfmac (2023-03-13)