Vulnerability Details : CVE-2017-7541
The brcmf_cfg80211_mgmt_tx function in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux kernel before 4.12.3 allows local users to cause a denial of service (buffer overflow and system crash) or possibly gain privileges via a crafted NL80211_CMD_FRAME Netlink packet.
Vulnerability category: OverflowDenial of service
Products affected by CVE-2017-7541
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Threat overview for CVE-2017-7541
Top countries where our scanners detected CVE-2017-7541
Top open port discovered on systems with this issue
49152
IPs affected by CVE-2017-7541 21,242
Threat actors abusing to this issue?
Yes
Find out if you* are
affected by CVE-2017-7541!
*Directly or indirectly through your vendors, service providers and 3rd parties.
Powered by
attack surface intelligence
from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2017-7541
0.04%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 8 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2017-7541
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.2
|
HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C |
3.9
|
10.0
|
NIST | |
7.8
|
HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
1.8
|
5.9
|
NIST |
CWE ids for CVE-2017-7541
-
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.Assigned by: nvd@nist.gov (Primary)
References for CVE-2017-7541
-
https://github.com/torvalds/linux/commit/8f44c9a41386729fea410e688959ddaa9d51be7c
brcmfmac: fix possible buffer overflow in brcmf_cfg80211_mgmt_tx() · torvalds/linux@8f44c9a · GitHubIssue Tracking;Patch;Third Party Advisory
-
http://openwall.com/lists/oss-security/2017/07/24/2
oss-security - CVE-2017-7541: Linux kernel: Memory corruption due to a buffer overflow in brcmf_cfg80211_mgmt_tx()Mailing List;Patch;Third Party Advisory
-
https://bugzilla.redhat.com/show_bug.cgi?id=1473198
1473198 – (CVE-2017-7541) CVE-2017-7541 kernel: Possible heap buffer overflow in brcmf_cfg80211_mgmt_tx()Issue Tracking;Patch;Third Party Advisory
-
https://access.redhat.com/errata/RHSA-2017:2930
RHSA-2017:2930 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
http://www.debian.org/security/2017/dsa-3927
Debian -- Security Information -- DSA-3927-1 linuxThird Party Advisory
-
http://www.debian.org/security/2017/dsa-3945
Debian -- Security Information -- DSA-3945-1 linuxThird Party Advisory
-
https://source.android.com/security/bulletin/2017-11-01
Android Security Bulletin—November 2017 | Android Open Source ProjectThird Party Advisory
-
https://access.redhat.com/errata/RHSA-2017:2863
RHSA-2017:2863 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
https://access.redhat.com/errata/RHSA-2017:2918
RHSA-2017:2918 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
http://www.securityfocus.com/bid/99955
Linux Kernel 'brcmf_cfg80211_mgmt_tx()' Function Local Memory Corruption VulnerabilityThird Party Advisory;VDB Entry
-
https://access.redhat.com/errata/RHSA-2017:2931
RHSA-2017:2931 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
https://bugzilla.novell.com/show_bug.cgi?id=1049645
Bug 1049645 – VUL-0: CVE-2017-7541 kernel: Heap buffer overflow in brcmf_cfg80211_mgmt_tx()Issue Tracking;Patch;Third Party Advisory
-
http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.12.3
Release Notes;Vendor Advisory
-
https://www.spinics.net/lists/stable/msg180994.html
Patch "brcmfmac: fix possible buffer overflow in brcmf_cfg80211_mgmt_tx()" has been added to the 4.11-stable tree — Linux Stable Kernel UpdatesPatch;Third Party Advisory
-
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8f44c9a41386729fea410e688959ddaa9d51be7c
kernel/git/torvalds/linux.git - Linux kernel source treeIssue Tracking;Patch;Third Party Advisory
-
http://www.securitytracker.com/id/1038981
Linux Kernel Buffer Overflow in brcmf_cfg80211_mgmt_tx() Lets Local Users Execute Arbitrary Code - SecurityTrackerThird Party Advisory;VDB Entry
Jump to