CVSS: 8.8EPSS: 0%CPEs: 126EXPL: 0CVE-2018-19860
https://notcve.org/view.php?id=CVE-2018-19860
Broadcom firmware before summer 2014 on Nexus 5 BCM4335C0 2012-12-11, Raspberry Pi 3 BCM43438A1 2014-06-02, and unspecifed other devices does not properly restrict LMP commnds and executes certain memory contents upon receiving an LMP command, as demonstrated by executing an HCI command. Fue encontrada una Vulnerabilidad en el firmware de Broadcom anterior al verano 2014 en Nexus 5 BCM4335C0 11-12-2012, Raspberry PI 3 BCM43438A1 02-06-2014 y otros dispositivos sin especificar, no restringe correctamente los comandos LMP y ejecuta ciertos contenidos de memoria al recibir un comando LMP, como es demostrado al ejecutar un comando HCI. • http://seclists.org/fulldisclosure/2019/Aug/11 http://seclists.org/fulldisclosure/2019/Jul/22 https://seclists.org/bugtraq/2019/Aug/21 https://source.android.com/security/bulletin/2019-05-01 https://support.apple.com/kb/HT210348 https://www.broadcom.com/support/resources/product-security-center • CWE-732: Incorrect Permission Assignment for Critical Resource •