CVE-2023-47233
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The brcm80211 component in the Linux kernel through 6.5.10 has a brcmf_cfg80211_detach use-after-free in the device unplugging (disconnect the USB by hotplug) code. For physically proximate attackers with local access, this "could be exploited in a real world scenario." This is related to brcmf_cfg80211_escan_timeout_worker in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c.
El componente brcm80211 en el kernel de Linux hasta 6.5.10 tiene un código brcmf_cfg80211_detach use after free en el código de desconexión del dispositivo (desconectar el USB mediante conexión en caliente). Para los atacantes físicamente próximos con acceso local, esto "podría explotarse en un escenario del mundo real". Esto está relacionado con brcmf_cfg80211_escan_timeout_worker en drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2023-11-03 CVE Reserved
- 2023-11-03 CVE Published
- 2023-11-15 EPSS Updated
- 2024-08-02 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-416: Use After Free
CAPEC
References (6)
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://lore.kernel.org/all/20231104054709.716585-1-zyytlz.wz%40163.com | 2024-06-27 | |
| https://marc.info/?l=linux-kernel&m=169907678011243&w=2 | 2024-06-27 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | <= 6.5.10 Search vendor "Linux" for product "Linux Kernel" and version " <= 6.5.10" | - |
Affected
| ||||||