Back to all manufacturers
Broadcom
Broadcom is affected by vulnerabilities that affect all Android manufacturers in addition to those listed below.
(json)
- CVE numbers: CVE-2016-0801 [Bulletin-CVE-2016-0801]
- Coordinated disclosure?: unknown
- Categories: Remote Code Execution Vulnerability in Broadcom Wi-Fi Driver
- Details: The Broadcom Wi-Fi driver in the kernel in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49G, and 6.x before 2016-02-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted wireless control message packets, aka internal bug 25662029. [NIST-CVE-2016-0801]
- Discovered by: on: Unknown
- Reported on: 2016-02-01 [Bulletin-CVE-2016-0801]
- Fixed on: 2015-11-30 [ANDROID-25662029]
- Fix released on: Unknown
- Affected versions: 4.4.4, 5.0, 5.1.1, 6.0, 6.0.1 [Bulletin-CVE-2016-0801] regex: (4.4.4)|(5.0.[0-9])|(5.1.1)|(6.0.[0-9])|(6.0.1)
- Affected devices:
- Affected manufacturers: Broadcom [Bulletin-CVE-2016-0801]
- Fixed versions: 4.4.4, 5.0, 5.1.1, 6.0, 6.0.1 [Bulletin-CVE-2016-0801]
- Submission: by: Daniel Carter, on: 2019-07-29
(json)
- CVE numbers: CVE-2016-0802 [Bulletin-CVE-2016-0802]
- Coordinated disclosure?: unknown
- Categories: Remote Code Execution Vulnerability in Broadcom Wi-Fi Driver
- Details: The Broadcom Wi-Fi driver in the kernel in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49G, and 6.x before 2016-02-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted wireless control message packets, aka internal bug 25306181. [NIST-CVE-2016-0802]
- Discovered by: on: Unknown
- Reported on: 2016-02-01 [Bulletin-CVE-2016-0802]
- Fixed on: 2015-12-09 [ANDROID-25306181]
- Fix released on: Unknown
- Affected versions: 4.4.4, 5.0, 5.1.1, 6.0, 6.0.1 [Bulletin-CVE-2016-0802] regex: (4.4.4)|(5.0.[0-9])|(5.1.1)|(6.0.[0-9])|(6.0.1)
- Affected devices:
- Affected manufacturers: Broadcom [Bulletin-CVE-2016-0802]
- Fixed versions: 4.4.4, 5.0, 5.1.1, 6.0, 6.0.1 [Bulletin-CVE-2016-0802]
- Submission: by: Daniel Carter, on: 2019-07-29
(json)
- CVE numbers: CVE-2017-0430 [Bulletin-CVE-2017-0430]
- Coordinated disclosure?: unknown
- Categories: Elevation of privilege vulnerability in Broadcom Wi-Fi driver
- Details: An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32838767. References: B-RB#107459. [NIST-CVE-2017-0430]
- Discovered by: on: Unknown
- Reported on: 2017-02-01 [Bulletin-CVE-2017-0430]
- Fixed on: Unknown
- Fix released on: Unknown
- Affected versions: regex:
- Affected devices:
- Affected manufacturers: Broadcom [Bulletin-CVE-2017-0430]
- Fixed versions:
- Submission: by: Daniel Carter, on: 2019-07-26
(json)
- CVE numbers: CVE-2017-0509 [Bulletin-CVE-2017-0509]
- Coordinated disclosure?: unknown
- Categories: Elevation of privilege vulnerability in Broadcom Wi-Fi driver
- Details: An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: N/A. Android ID: A-32124445. References: B-RB#110688. [NIST-CVE-2017-0509]
- Discovered by: pjf of IceSword Lab, Qihoo 360 Technology Co. Ltd. [Discovery-CVE-2017-0509] on: Unknown
- Reported on: 2017-03-01 [Bulletin-CVE-2017-0509]
- Fixed on: Unknown
- Fix released on: Unknown
- Affected versions: regex:
- Affected devices:
- Affected manufacturers: Broadcom [Bulletin-CVE-2017-0509]
- Fixed versions:
- Submission: by: Daniel Carter, on: 2019-07-26
(json)
- CVE numbers: CVE-2017-0561 [Bulletin-CVE-2017-0561]
- Coordinated disclosure?: unknown
- Categories: Remote code execution vulnerability in Broadcom Wi-Fi firmware
- Details: A remote code execution vulnerability in the Broadcom Wi-Fi firmware could enable a remote attacker to execute arbitrary code within the context of the Wi-Fi SoC. This issue is rated as Critical due to the possibility of remote code execution in the context of the Wi-Fi SoC. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34199105. References: B-RB#110814. [NIST-CVE-2017-0561]
- Discovered by: Gal Beniamini of Project Zero [Discovery-CVE-2017-0561] on: Unknown
- Reported on: 2017-04-01 [Bulletin-CVE-2017-0561]
- Fixed on: Unknown
- Fix released on: Unknown
- Affected versions: regex:
- Affected devices:
- Affected manufacturers: Broadcom [Bulletin-CVE-2017-0561]
- Fixed versions:
- Submission: by: Daniel Carter, on: 2019-07-26
(json)
(json)
- CVE numbers: CVE-2017-11120 [Bulletin-CVE-2017-11120]
- Coordinated disclosure?: unknown
- Categories: Broadcom components
- Details: On Broadcom BCM4355C0 Wi-Fi chips 9.44.78.27.0.1.56 and other chips, an attacker can craft a malformed RRM neighbor report frame to trigger an internal buffer overflow in the Wi-Fi firmware, aka B-V2017061204. [NIST-CVE-2017-11120]
- Discovered by: on: Unknown
- Reported on: 2017-09-01 [Bulletin-CVE-2017-11120]
- Fixed on: Unknown
- Fix released on: Unknown
- Affected versions: regex:
- Affected devices:
- Affected manufacturers: Broadcom [Bulletin-CVE-2017-11120]
- Fixed versions:
- Submission: by: Daniel Carter, on: 2019-07-26
(json)
- CVE numbers: CVE-2017-11121 [Bulletin-CVE-2017-11121]
- Coordinated disclosure?: unknown
- Categories: Broadcom components
- Details: On Broadcom BCM4355C0 Wi-Fi chips 9.44.78.27.0.1.56 and other chips, properly crafted malicious over-the-air Fast Transition frames can potentially trigger internal Wi-Fi firmware heap and/or stack overflows, leading to denial of service or other effects, aka B-V2017061205. [NIST-CVE-2017-11121]
- Discovered by: on: Unknown
- Reported on: 2017-09-01 [Bulletin-CVE-2017-11121]
- Fixed on: Unknown
- Fix released on: Unknown
- Affected versions: regex:
- Affected devices:
- Affected manufacturers: Broadcom [Bulletin-CVE-2017-11121]
- Fixed versions:
- Submission: by: Daniel Carter, on: 2019-07-26
(json)
- CVE numbers: CVE-2017-7065 [Bulletin-CVE-2017-7065]
- Coordinated disclosure?: unknown
- Categories: Broadcom components
- Details: An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. tvOS before 10.2.2 is affected. The issue involves the "Wi-Fi" component. It allows remote attackers to execute arbitrary code (on the Wi-Fi chip) or cause a denial of service (memory corruption) by leveraging proximity for 802.11. [NIST-CVE-2017-7065]
- Discovered by: on: Unknown
- Reported on: 2017-09-01 [Bulletin-CVE-2017-7065]
- Fixed on: Unknown
- Fix released on: Unknown
- Affected versions: regex:
- Affected devices:
- Affected manufacturers: Broadcom [Bulletin-CVE-2017-7065]
- Fixed versions:
- Submission: by: Daniel Carter, on: 2019-07-26
(json)
- CVE numbers: CVE-2017-13292 [Bulletin-CVE-2017-13292]
- Coordinated disclosure?: unknown
- Categories: Broadcom components
- Details: In wl_get_assoc_ies of wl_cfg80211.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-70722061. References: B-V2018010201. [NIST-CVE-2017-13292]
- Discovered by: Daxing Guo of Tencent's Xuanwu Lab [Discovery-CVE-2017-13292] on: Unknown
- Reported on: 2018-04-01 [Bulletin-CVE-2017-13292]
- Fixed on: Unknown
- Fix released on: 2018-04-05 [Bulletin-CVE-2017-13292]
- Affected versions: regex:
- Affected devices:
- Affected manufacturers: Broadcom [Bulletin-CVE-2017-13292]
- Fixed versions:
- Submission: by: Daniel Carter, on: 2019-07-25
(json)
