CVE-2022-49740
📋 TL;DR
This vulnerability is an out-of-bounds read in the Broadcom FullMAC WiFi driver (brcmfmac) in the Linux kernel. It allows attackers to read kernel memory beyond allocated buffers, potentially exposing sensitive information or causing system crashes. Systems that run a vulnerable kernel version and use a Broadcom WiFi chipset driven by brcmfmac are affected.
💻 Affected Systems
- Linux kernel with brcmfmac driver
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Information disclosure of kernel memory contents, potentially exposing sensitive data like encryption keys, passwords, or other system information. Could lead to kernel panic and system crash.
Likely Case
System instability, kernel crashes, or denial of service. Information disclosure is possible but requires specific conditions to extract useful data.
If Mitigated
Minimal impact with proper kernel hardening features like KASAN enabled, which would detect and prevent the out-of-bounds access.
🎯 Exploit Status
Requires ability to send malicious channel specification data to the WiFi driver, typically requiring local access or WiFi client proximity. Found via syzkaller fuzzing.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Fixed in kernel commits: 4920ab131b2dbae7464b72bdcac465d070254209, 9cf5e99c1ae1a85286a76c9a970202750538394c, b2e412879595821ff1b5545cbed5f108fba7f5b6, e4991910f15013db72f6ec0db7038ea67a57052e, f06de1bb6d61f0c18b0213bbc6298960037f9d42
Vendor Advisory: https://git.kernel.org/stable/c/4920ab131b2dbae7464b72bdcac465d070254209
Restart Required: No
Instructions:
1. Update Linux kernel to version containing the fix commits.
2. For distributions: Use package manager to update kernel package (e.g., 'apt update && apt upgrade' for Debian/Ubuntu, 'yum update kernel' for RHEL/CentOS).
3. Rebuild kernel if using custom kernel with the patches applied.
🔧 Temporary Workarounds
Disable affected WiFi interface
(All platforms) Temporarily disable the Broadcom WiFi interface to prevent exploitation
sudo ip link set wlan0 down
sudo rfkill block wifi
Use alternative WiFi driver
(Linux) If available, switch to a different WiFi driver for the Broadcom chipset
🧯 If You Can't Patch
- Implement network segmentation to isolate WiFi networks from critical systems
- Enable kernel hardening features like KASAN to detect and prevent out-of-bounds accesses
🔍 How to Verify
Check if Vulnerable:
Check kernel version and if brcmfmac module is loaded: 'uname -r' and 'lsmod | grep brcmfmac'
Check Version:
uname -r
Verify Fix Applied:
Verify kernel version is after fix commits or check if the brcmfmac driver version includes the patch
📡 Detection & Monitoring
Log Indicators:
- Kernel panic logs
- KASAN reports of slab-out-of-bounds reads
- System crashes related to brcmfmac driver
Network Indicators:
- Unusual WiFi disconnections
- WiFi interface instability
SIEM Query:
event_source="kernel" AND (message="KASAN: slab-out-of-bounds" OR (message="brcmfmac" AND severity="critical"))
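An added example for the log indicators above (not code from this advisory or from the kernel project): it groups kernel log lines into KASAN reports and keeps the slab-out-of-bounds reads whose faulting symbol or call trace lies in brcmfmac, so a fault raised in a generic helper called from the driver is still caught. The sample log is constructed; its function names, addresses and task names are placeholders.

```python
import re

# Line shapes follow the kernel's KASAN report layout; dmesg timestamps are optional.
HEADER = re.compile(r"BUG: KASAN: (?P<kind>[\w-]+) in (?P<sym>[\w.]+)"
                    r"\+0x[0-9a-f]+/0x[0-9a-f]+(?: \[(?P<mod>\w+)\])?")
ACCESS = re.compile(r"\b(?P<op>Read|Write) of size (?P<size>\d+) at addr")
FRAME = re.compile(r"[\w.]+\+0x[0-9a-f]+/0x[0-9a-f]+ \[(?P<mod>\w+)\]")

def parse_kasan_reports(lines, window=40):
    """Group log lines into KASAN reports: a header plus up to `window` lines."""
    reports, current, left = [], None, 0
    for line in lines:
        head = HEADER.search(line)
        if head:
            current = {"kind": head["kind"], "symbol": head["sym"], "op": None,
                       "size": None, "modules": {head["mod"]} - {None}}
            reports.append(current)
            left = window
            continue
        if current is None or left == 0:
            continue
        left -= 1
        access = ACCESS.search(line)
        if access and current["op"] is None:
            current["op"], current["size"] = access["op"], int(access["size"])
        frame = FRAME.search(line)
        if frame:  # call-trace frame that names a module
            current["modules"].add(frame["mod"])
    return reports

def brcmfmac_oob_reads(lines, module="brcmfmac"):
    """Keep slab-out-of-bounds reads whose symbol or call trace is in `module`."""
    return [r for r in parse_kasan_reports(lines)
            if r["kind"] == "slab-out-of-bounds" and r["op"] == "Read"
            and module in r["modules"]]

# Constructed sample: function names, addresses and task names are placeholders.
SAMPLE_LOG = """\
[  101.200000] BUG: KASAN: slab-out-of-bounds in brcmf_example_fn+0x1a0/0x400 [brcmfmac]
[  101.200010] Read of size 4 at addr ffff888000000000 by task kworker/0:1/42
[  102.000000] BUG: KASAN: use-after-free in other_example_fn+0x10/0x80 [othermod]
[  102.000010] Read of size 8 at addr ffff888000001000 by task test/77
[  103.000000] BUG: KASAN: slab-out-of-bounds in generic_copy_example+0x20/0x60
[  103.000010] Read of size 2 at addr ffff888000002000 by task kworker/1:0/9
[  103.000030]  brcmf_example_caller+0x88/0x200 [brcmfmac]
""".splitlines()

if __name__ == "__main__":
    print([(r["symbol"], r["size"]) for r in brcmfmac_oob_reads(SAMPLE_LOG)])
```

On a live host, pass it the lines of `dmesg` or `journalctl -k` output. KASAN reports appear only on kernels built with CONFIG_KASAN.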
🔗 References
- https://git.kernel.org/stable/c/4920ab131b2dbae7464b72bdcac465d070254209
- https://git.kernel.org/stable/c/9cf5e99c1ae1a85286a76c9a970202750538394c
- https://git.kernel.org/stable/c/b2e412879595821ff1b5545cbed5f108fba7f5b6
- https://git.kernel.org/stable/c/e4991910f15013db72f6ec0db7038ea67a57052e
- https://git.kernel.org/stable/c/f06de1bb6d61f0c18b0213bbc6298960037f9d42