List:       oss-security
Subject:    Re: [oss-security] CVE-2022-3628: A USB-accessible buffer overflow in Linux kernel driver
From:       Demi Marie Obenour <demi () invisiblethingslab ! com>
Date:       2022-10-29 19:40:42
Message-ID: Y12Bu2dSDbwtLoB3 () itl-email
On Sat, Oct 29, 2022 at 05:33:21PM +0900, Dokyung Song wrote:
> === Description ===
> 
> An intra-object buffer overflow was found in brcmfmac (an upstream
> Broadcom's USB Wi-Fi driver), which can be triggered by a malicious USB
> device.
> 
> As the object where the overflow could occur contains multiple function
> pointers (e.g., bus_reset.func), with knowledge of the code layout (i.e.,
> KASLR needs bypassing) the vulnerability could potentially be exploited by
> an attacker who controls USB messages. Without knowledge of the code
> layout, the consequence is a DoS.

Can this be exploited by means of e.g. partial function pointer
overwrites without having to bypass KASLR?
-- 
Sincerely,
Demi Marie Obenour (she/her/hers)
Invisible Things Lab