Broadcom Wi-Fi Chipset Driver with Multiple Security Vulnerabilities

The US Computer Network Crisis Management and Coordination Center (CERT/CC) warned this week that the wl and brcmfmac drivers used with Broadcom's Wi-Fi chipsets contain multiple security vulnerabilities that could allow attackers to carry out denial-of-service attacks and even execute arbitrary code remotely. The flaws affect products from vendors such as Apple, Synology and Zyxel.


According to CERT/CC, the open source brcmfmac driver contains two security vulnerabilities, CVE-2019-9503 and CVE-2019-9500. The former is a frame validation bypass vulnerability that allows attackers to send firmware event frames remotely and have them pass frame validation. The latter is a stack buffer overflow vulnerability: when the Wake-up on Wireless LAN function is enabled, it can be triggered by a malicious event frame, which can be exploited through the chipset to harm the host, or combined with CVE-2019-9503 to perform a remote attack.

The brcmfmac driver is used only with Broadcom's FullMAC chipsets.

As for the wl driver developed by Broadcom, it has two security vulnerabilities, CVE-2019-9501 and CVE-2019-9502, both of which are stack buffer overflow vulnerabilities. Supplying an overly long vendor information element triggers them.

If wl is used with a SoftMAC chipset, the vulnerabilities are triggered in the host's kernel. If wl is used with a FullMAC chipset, they are triggered in the chipset's firmware.
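The bug class described above (a length field taken from the frame and used to copy a vendor information element into a fixed-size buffer) is avoided by validating that length twice, as in this added example. It is not Broadcom's driver code: `copy_vendor_ie`, the 32-byte buffer and the sample frames are constructed for illustration, and only the 802.11 element layout (1-byte ID, 1-byte length, body) and the vendor-specific element ID 221 come from the standard.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define IE_VENDOR_SPECIFIC 221  /* 802.11 element ID for vendor-specific IEs */
#define VENDOR_BUF_LEN 32       /* constructed destination size for this example */

enum ie_status { IE_OK = 0, IE_NOT_FOUND = -1, IE_TRUNCATED = -2, IE_TOO_LONG = -3 };

/* Constructed sample inputs (not captured traffic). */
const uint8_t ok_frame[] = {0, 4, 'l', 'a', 'b', '1',       /* SSID IE */
                            221, 4, 0x00, 0x11, 0x22, 0x01}; /* 4-byte vendor IE */
const uint8_t long_frame[2 + 40] = {221, 40};  /* vendor IE larger than the buffer */
const uint8_t trunc_frame[] = {221, 10, 1, 2, 3}; /* claims 10 bytes, carries 3 */

/*
 * Walk a run of information elements and copy the first vendor-specific
 * body into out. The unsafe pattern is memcpy(out, body, len) with len read
 * straight from the frame: len can be up to 255, so a long vendor IE
 * overruns any smaller fixed buffer.
 */
int copy_vendor_ie(const uint8_t *ies, size_t ies_len,
                   uint8_t out[VENDOR_BUF_LEN], size_t *out_len)
{
    size_t off = 0;

    while (ies_len - off >= 2) {
        uint8_t id = ies[off];
        size_t len = ies[off + 1];

        /* Check 1: the declared length must fit in the bytes received. */
        if (len > ies_len - off - 2)
            return IE_TRUNCATED;

        if (id == IE_VENDOR_SPECIFIC) {
            /* Check 2: reject anything larger than the destination. */
            if (len > VENDOR_BUF_LEN)
                return IE_TOO_LONG;
            memcpy(out, ies + off + 2, len);
            *out_len = len;
            return IE_OK;
        }
        off += 2 + len;
    }
    /* A single leftover byte cannot hold an ID and a length. */
    return off == ies_len ? IE_NOT_FOUND : IE_TRUNCATED;
}
```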

In most cases the above vulnerabilities only cause a denial of service, but attackers may also be able to execute arbitrary code remotely by sending malicious Wi-Fi packets.

Hugues Anguelkov, who discovered the vulnerabilities, said that Broadcom is one of the world's largest manufacturers of Wi-Fi devices, selling its 43 series of wireless chips around the world, where they are embedded in mobile phones, laptops, smart TVs or IoT devices. Users may not even know whether they use Broadcom chips. If you use an iPhone, a Mac, or a Samsung or Huawei phone, then you probably use a Broadcom Wi-Fi chip. Because the chips are so popular, any vulnerability in them should be considered high risk.

Currently only the vulnerabilities in the brcmfmac driver have been fixed, and it is not certain whether other vendors have released patches.