Broadcom WiFi chipset drivers have been found to contain vulnerabilities impacting multiple operating systems and allowing potential attackers to remotely execute arbitrary code and to trigger denial-of-service according to a
DHS/CISA alert and a
CERT/CC vulnerability note.
Quarkslab's intern Hugues Anguelkov was the one who reported five vulnerabilities he found in the "Broadcom wl driver and the open-source brcmfmac driver for Broadcom WiFi chipsets" while reversing engineering and fuzzing Broadcom WiFi chips firmware.
As he discovered, "The Broadcom wl driver is vulnerable to two heap buffer overflows, and the open-source brcmfmac driver is vulnerable to a frame validation bypass and a heap buffer overflow."
The Common Weakness Enumeration database describes heap buffer overflows in the
CWE-122 entry, stating that they can lead to system crashes or the impacted software going into an infinite loop, while also allowing attackers "to execute arbitrary code, which is usually outside the scope of a program's implicit security policy" and bypassing security services.
To underline the seriousness of the flaws he found, Anguelkov says in his analysis:
You can find these chips almost everywhere from smartphones to laptops, smart-TVs and IoT devices. You probably use one without knowing it, for example if you have a Dell laptop, you may be using a bcm43224 or a bcm4352 card. It is also likely you use a Broadcom WiFi chip if you have an iPhone, a Mac book, a Samsumg phone or a Huawei phone, etc. Since these chips are so widespread they constitute a high value target to attackers and any vulnerability found in them should be considered to pose high risk.
![[correlate]](/data/avatars/s/79/79653.jpg?1556985072){kind=avatar}