Bug 1166116 (CVE-2019-9502)

Summary: VUL-0: CVE-2019-9502: broadcom-wl: heap buffer overflow in wlc_wpa_plumb_gtk of the Broadcom wl WiFi driver
Product: [Novell Products] SUSE Security Incidents Reporter: Wolfgang Frisch <wolfgang.frisch>
Component: IncidentsAssignee: Security Team bot <security-team>
Status: RESOLVED INVALID QA Contact: Security Team bot <security-team>
Severity: Normal    
Priority: P5 - None    
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: Other   
Found By: --- Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Wolfgang Frisch 2020-03-09 17:11:09 UTC

The Broadcom wl WiFi driver is vulnerable to a heap buffer overflow. If the
vendor information element data length is larger than 164 bytes, a heap buffer
overflow is triggered in wlc_wpa_plumb_gtk. In the worst case scenario, by
sending specially-crafted WiFi packets, a remote, unauthenticated attacker may
be able to execute arbitrary code on a vulnerable system. More typically, this
vulnerability will result in denial-of-service conditions.

Comment 1 Wolfgang Frisch 2020-03-09 17:12:38 UTC
SUSE does not ship the broadcom-wl driver.