Bug 1166116 (CVE-2019-9502)

Summary: VUL-0: CVE-2019-9502: broadcom-wl: heap buffer overflow in wlc_wpa_plumb_gtk of the Broadcom wl WiFi driver
Product: [Novell Products] SUSE Security Incidents Reporter: Wolfgang Frisch <wolfgang.frisch>
Component: IncidentsAssignee: Security Team bot <security-team>
Status: RESOLVED INVALID QA Contact: Security Team bot <security-team>
Severity: Normal    
Priority: P5 - None    
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: Other   
Whiteboard:
Found By: --- Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Wolfgang Frisch 2020-03-09 17:11:09 UTC 
CVE-2019-9502

The Broadcom wl WiFi driver is vulnerable to a heap buffer overflow. If the
vendor information element data length is larger than 164 bytes, a heap buffer
overflow is triggered in wlc_wpa_plumb_gtk. In the worst case scenario, by
sending specially-crafted WiFi packets, a remote, unauthenticated attacker may
be able to execute arbitrary code on a vulnerable system. More typically, this
vulnerability will result in denial-of-service conditions.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-9502
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9502
https://blog.quarkslab.com/reverse-engineering-broadcom-wireless-chipsets.html
https://kb.cert.org/vuls/id/166939/
Comment 1 Wolfgang Frisch 2020-03-09 17:12:38 UTC 
SUSE does not ship the broadcom-wl driver.