search menu icon-carat-right cmu-wordmark
Carnegie Mellon University

Software Engineering Institute

CERT Coordination Center

Broadcom BCM4325 and BCM4329 wireless chipset denial-of-service vulnerability

Vulnerability Note VU#160027

Original Release Date: 2012-10-23 | Last Revised: 2013-01-28

Overview

Broadcom BCM4325 and BCM4329 wireless chipsets have been reported to contain an out-of-bounds read error condition that may be exploited to produce a denial-of-service condition.

Description

The CORE Security Technologies advisory states:

"An out-of-bounds read error condition exists in broadcom's BCM4325 and BCM4329 combo solutions firmware. This error can be leveraged to denial of service attack, and possibly information disclosure. An attacker can send a RSN (802.11i) information element, that causes the WiFi NIC to stop responding."

Broadcom's official response is:
"CORE Security Technologies has identified a Denial-of-Service (DoS) vulnerability in the firmware running on two prior generation Broadcom chips, the BCM4325 and BCM4329. Other Broadcom chips are not affected. This denial of service attack can cause an unpatched consumer electronics device to experience a WLAN service interruption. The vulnerability does not enable exposure of the consumer's data. Broadcom has firmware patches for its OEM customers to address the issue.

The vast majority of Broadcom's WLAN product portfolio is not subject to the DoS issue, including as examples:

      • Broadcom's subsequent generations of Mobility WLAN devices, e.g., BCM4330, BCM4334, BCM43241, BCM43340, BCM4335;
      • Broadcom's products for the PC and Media market, e.g., BCM4313, BCM43142, BCM43224, BCM43228, BCM4331, BCM43236, BCM4352, BCM43526, BCM4360;
      • Broadcom's Access Point WLAN devices and products, e.g., BCM4718, BCM535x, BCM4706;

Broadcom has been working with multiple customers providing information and fixes as required, and will continue to address security issues that may be identified."

Additional details can be found in the CORE Security Technologies advisory.

Impact

A remote attacker may be able to cause a denial-of-service condition against the WiFi network interface card.

Solution

Apply an Update

Users of devices with Broadcom BCM4325 or BCM4329 wireless chipsets should contact their vendor to acquire a patch.

Vendor Information

160027
 
Expand all

CVSS Metrics

Group Score Vector
Base 6.1 AV:A/AC:L/Au:N/C:N/I:N/A:C
Temporal 4.8 E:POC/RL:OF/RC:C
Environmental 4.8 CDP:ND/TD:ND/CR:ND/IR:ND/AR:ND

References

http://www.coresecurity.com/content/broadcom-input-validation-BCM4325-BCM4329

Acknowledgements

Thanks to Andres Blanco and Matias Eissler for reporting this vulnerability.

This document was written by Jared Allar.

Other Information

CVE IDs: CVE-2012-2619
Date Public: 2012-10-23
Date First Published: 2012-10-23
Date Last Updated: 2013-01-28 21:00 UTC
Document Revision: 32

Sponsored by CISA.

Download PGP Key

Read CERT/CC Blog

Learn about Vulnerability Analysis