CVE-2017-11120: Buffer Overflow

Q: What is CVE-2017-11120?

CVE-2017-11120 is a memory corruption issue in Wi-Fi chips that can be exploited by crafting a malformed RRM neighbor report frame.

Q: What is the severity of CVE-2017-11120?

CVE-2017-11120 has a severity rating of critical (9).

Q: How does CVE-2017-11120 affect Broadcom BCM4355C0 firmware version 9.44.78.27.0.1.56?

Broadcom BCM4355C0 firmware version 9.44.78.27.0.1.56 is affected by CVE-2017-11120 and is vulnerable to an internal buffer overflow triggered by a malformed RRM neighbor report frame.

Q: What is the remedy for CVE-2017-11120 on Apple tvOS 11?

CVE-2017-11120 can be fixed by upgrading Apple tvOS to version 11 or higher.

Q: Where can I find more information about CVE-2017-11120?

You can find more information about CVE-2017-11120 on the following references: http://packetstormsecurity.com/files/144328/Broadcom-802.11k-Neighbor-Report-Response-Out-Of-Bounds-Write.html, http://www.securityfocus.com/bid/100984, and https://bugs.chromium.org/p/project-zero/issues/detail?id=1289.

Published Sep 5, 2017

Updated

On Broadcom BCM4355C0 Wi-Fi chips 9.44.78.27.0.1.56 and other chips, an attacker can craft a malformed RRM neighbor report frame to trigger an internal buffer overflow in the Wi-Fi firmware, aka B-V2017061204.

Other sources

Wi-Fi. A memory corruption issue was addressed with improved memory handling.

Credit

Gal Beniamini(Google Project Zero)

Affected Software

7 affected componentsFixes available

Apple tvOS<11

Google Android

Apple iOS<11

Broadcom Bcm4355c0 Firmware=9.44.78.27.0.1.56

Broadcom BCM4355C0

Apple iPhone OS<11.0

Apple tvOS<11.0

Event History

Sep 5, 2017

CVE Published

via Android·12:00 AM

Sep 27, 2017

CVE Published

via MITRE·05:00 PM

Data Sourced

via MITRE·05:00 PM

Description

Parent advisories

This vulnerability appears in the following advisories.

Peer vulnerabilities

Found alongside the following vulnerabilities.

CVE-2017-13832
CVE-2017-13829
CVE-2017-13833
CVE-2017-7083
CVE-2017-0381
CVE-2017-13825
CVE-2017-13815
CVE-2017-13828
CVE-2017-13830
CVE-2017-13814
CVE-2017-13831
CVE-2017-13817
CVE-2017-13818
CVE-2017-13836
CVE-2017-13841
CVE-2017-13840
CVE-2017-13842
CVE-2017-13782
CVE-2017-13843
CVE-2017-7114
CVE-2017-13854
CVE-2017-13834
CVE-2017-13873
CVE-2017-13813
CVE-2017-13816
CVE-2017-13812
CVE-2017-7086
CVE-2017-1000373
CVE-2016-9063
CVE-2017-9233
CVE-2017-9049
CVE-2017-5130
CVE-2017-7376
CVE-2017-9050
CVE-2017-13822
CVE-2017-7080
CVE-2017-10989
CVE-2017-7128
CVE-2017-7129
CVE-2017-7130
CVE-2017-7127
CVE-2017-7081
CVE-2017-7087
CVE-2017-7091
CVE-2017-7092
CVE-2017-7093
CVE-2017-7094
CVE-2017-7095
CVE-2017-7096
CVE-2017-7098
CVE-2017-7099
CVE-2017-7100
CVE-2017-7102
CVE-2017-7104
CVE-2017-7107
CVE-2017-7111
CVE-2017-7117
CVE-2017-7120
CVE-2017-7090
CVE-2017-7109
CVE-2017-11120
CVE-2017-11121
CVE-2017-7103
CVE-2017-7105
CVE-2017-7108
CVE-2017-7110
CVE-2017-7112
CVE-2017-7115
CVE-2017-7116
CVE-2017-11122
CVE-2016-9840
CVE-2016-9841
CVE-2016-9842
CVE-2016-9843
CVE-2017-13863
CVE-2017-7131
CVE-2017-13821
CVE-2017-7088
CVE-2017-11103
CVE-2017-7072
CVE-2017-7140
CVE-2018-4302
CVE-2017-7148
CVE-2017-7078
CVE-2017-7097
CVE-2017-7118
CVE-2017-7133
CVE-2017-7075
CVE-2017-7139
CVE-2017-13806
CVE-2017-7132
CVE-2017-7085
CVE-2017-13877
CVE-2017-7146
CVE-2017-6211
CVE-2017-7145
CVE-2017-7089
CVE-2017-7106
CVE-2017-7144
CVE-2017-7142

Frequently Asked Questions

What is CVE-2017-11120?

CVE-2017-11120 is a memory corruption issue in Wi-Fi chips that can be exploited by crafting a malformed RRM neighbor report frame.

What is the severity of CVE-2017-11120?