Broadcom WiFi chipset drivers have been found to contain vulnerabilities impacting multiple operating systems and allowing potential attackers to remotely execute arbitrary code and to trigger denial-of-service according to a DHS/CISA alert and a CERT/CC vulnerability note. Quarkslab's intern Hugues Anguelkov was the one who reported five vulnerabilities he found in the "Broadcom wl driver and the open-source brcmfmac driver for Broadcom WiFi chipsets" while reversing engineering and fuzzing Broadcom WiFi chips firmware. As he discovered, "The Broadcom wl driver is vulnerable to two heap buffer overflows, and the open-source brcmfmac driver is vulnerable to a frame validation bypass and a heap buffer overflow." The Common Weakness Enumeration database describes heap buffer overflows in the CWE-122 entry, stating that they can lead to system crashes or the impacted software going into an infinite loop, while also allowing attackers "to execute arbitrary code, which is usually outside the scope of a program's implicit security policy" and bypassing security services. As the CERT/CC vulnerability note written by Trent Novelly explains, potential remote and unauthenticated attackers could exploit the Broadcom WiFi chipset driver vulnerabilities by sending maliciously-crafted WiFi packets to execute arbitrary code on vulnerable machines. However, as further detailed by Novelly, "More typically, these vulnerabilities will result in denial-of-service attacks." Learn more by visiting OUR FORUM.