SB20240621117 - Infinite loop in Linux kernel broadcom b43 driver

Description

This security bulletin contains information about 1 security vulnerability.

1) Infinite loop (CVE-ID: CVE-2023-52644)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop within the b43_dma_tx() and b43_dma_handle_txstatus() functions in drivers/net/wireless/broadcom/b43/dma.c. A local user can perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

• https://git.kernel.org/stable/c/1824f942527f784a19e01eac2d9679a21623d010
• https://git.kernel.org/stable/c/31aaf17200c336fe258b70d39c40645ae19d0240
• https://git.kernel.org/stable/c/49f067726ab01c87cf57566797a8a719badbbf08
• https://git.kernel.org/stable/c/04a2b6eff2ae1c19cb7f41e803bcbfaf94c06455
• https://git.kernel.org/stable/c/c67698325c68f8768db858f5c87c34823421746d
• https://git.kernel.org/stable/c/bc845e2e42cae95172c04bf29807c480f51a2a83
• https://git.kernel.org/stable/c/4049a9f80513a6739c5677736a4c88f96df1b436
• https://git.kernel.org/stable/c/f1cf77bb870046a6111a604f7f7fe83d1c8c9610
• https://git.kernel.org/stable/c/9636951e4468f02c72cc75a82dc65d003077edbc
• https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.311
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.214
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.153
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.273
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.83
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.23
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.7.11
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.8.2