CVE-2026-43110

Linux · Kernel (brcmfmac driver)

A buffer overflow vulnerability in the Linux kernel's brcmfmac Wi-Fi driver allows out-of-bounds memory access via malformed IF events from the firmware.

Executive summary

A critical out-of-bounds memory access vulnerability in the Linux kernel's brcmfmac driver could lead to system instability or arbitrary code execution.

Vulnerability

This is an improper input validation vulnerability where the brcmf_fweh_handle_if_event() function fails to perform range checks on the bsscfgidx field before using it as an array index. The vulnerability is triggered when the host processes a crafted IF event from the Wi-Fi firmware, placing the attack surface at the firmware-host boundary.
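The missing range check described above, shown as an added user-space C model (not the kernel driver's code and not the upstream patch). `MAX_IFS`, the `if_event` layout, `iflist`, the return codes and both function names are assumptions made for this sketch; only the `bsscfgidx` field name comes from the advisory, and the length check goes beyond what the advisory states.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_IFS 16                      /* assumed table size for this model */

struct iface { int id; };               /* stand-in for a per-interface object */

/* Constructed event layout; only the bsscfgidx field name is from the advisory. */
struct if_event { uint8_t ifidx, action, flags, bsscfgidx, role; };

enum { EV_OK = 0, EV_SHORT = -1, EV_RANGE = -2 };

static struct iface *iflist[MAX_IFS];   /* table indexed by bsscfgidx */

/* Pattern the advisory describes: the firmware-supplied index is used as-is,
 * so any value >= MAX_IFS reads past the end of iflist. Shown for contrast only. */
struct iface *lookup_if_unchecked(const uint8_t *data)
{
    return iflist[data[offsetof(struct if_event, bsscfgidx)]];
}

/* Hardened form: treat the event as untrusted input. */
int lookup_if_checked(const uint8_t *data, size_t len, struct iface **out)
{
    uint8_t idx;

    *out = NULL;
    if (len < sizeof(struct if_event))  /* truncated event: do not parse */
        return EV_SHORT;
    idx = data[offsetof(struct if_event, bsscfgidx)];
    if (idx >= MAX_IFS)                 /* range check before indexing */
        return EV_RANGE;
    *out = iflist[idx];                 /* may be NULL if the slot is empty */
    return EV_OK;
}

int main(void)
{
    static struct iface wlan0 = { 1 };
    const uint8_t good[] = { 2, 1, 0, 2, 0 };    /* constructed: bsscfgidx = 2 */
    const uint8_t bad[]  = { 2, 1, 0, 200, 0 };  /* constructed: bsscfgidx = 200 */
    struct iface *ifp;

    iflist[2] = &wlan0;
    printf("good: %d\n", lookup_if_checked(good, sizeof(good), &ifp));
    printf("bad:  %d\n", lookup_if_checked(bad, sizeof(bad), &ifp));
    return 0;
}
```

The rejected cases leave the output pointer NULL, so a caller that ignores the return code still cannot dereference an out-of-range slot.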

Business impact

Successful exploitation of this vulnerability could lead to a denial-of-service (system crash) or potentially allow a local attacker to escalate privileges by manipulating kernel memory. With a CVSS score of 8.8, this flaw represents a significant risk to the integrity and availability of Linux-based systems relying on Broadcom Wi-Fi hardware.

Remediation

Immediate Action: Apply the latest kernel security updates provided by your distribution (e.g., SUSE or Red Hat). Fixed versions include kernel-source >= 6.4.0-150700.53.55.1 for supported SUSE distributions.

Proactive Monitoring: Monitor system logs for kernel panics or unexpected Wi-Fi driver resets that may indicate attempts to trigger an out-of-bounds access.

Compensating Controls: Ensure that systems are running with kernel hardening features enabled, such as Address Space Layout Randomization (ASLR) and stack canaries, to mitigate potential exploitation.

Exploitation status

Public Exploit Available: false

Analyst recommendation

Given the high CVSS score and the critical nature of the kernel-level impact, administrators should prioritize patching their Linux kernels. Organizations relying on Broadcom Wi-Fi chipsets must verify their kernel version against the provided security updates to ensure the bsscfgidx range check is properly implemented.