Description
Broadcom firmware before summer 2014 on Nexus 5 BCM4335C0 2012-12-11, Raspberry Pi 3 BCM43438A1 2014-06-02, and unspecifed other devices does not properly restrict LMP commnds and executes certain memory contents upon receiving an LMP command, as demonstrated by executing an HCI command.
References (6)
Core 6
Core References
Vendor Advisory x_refsource_misc
https://www.broadcom.com/support/resources/product-security-center
Third Party Advisory x_refsource_confirm
https://source.android.com/security/bulletin/2019-05-01
Vendor Advisory x_refsource_confirm
https://support.apple.com/kb/HT210348
Mailing List mailing-list
x_refsource_fulldisc
http://seclists.org/fulldisclosure/2019/Jul/22
Mailing List mailing-list
x_refsource_bugtraq
https://seclists.org/bugtraq/2019/Aug/21
Mailing List mailing-list
x_refsource_fulldisc
http://seclists.org/fulldisclosure/2019/Aug/11
Scores
CVSS v3
8.8
EPSS
0.0063
EPSS Percentile
70.4%
Attack Vector
ADJACENT_NETWORK
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-732
Status
published
Products (50)
broadcom/bcm4335c0_firmware
2012-12-11
broadcom/bcm43438a1_firmware
2014-06-02
cypress/cyw20702a1kwfbg_firmware
cypress/cyw20702a1kwfbgt_firmware
cypress/cyw20702b0kwfbg_firmware
cypress/cyw20702b0kwfbgt_firmware
cypress/cyw20703ua1kffb1g_firmware
cypress/cyw20703ua1kffb1gt_firmware
cypress/cyw20704ua1kffb1g_firmware
cypress/cyw20704ua1kffb1gt_firmware
... and 40 more
Published
Jun 07, 2019
Tracked Since
Feb 18, 2026