Lenovo announced that a previously disclosed flaw in Broadcom Inc.'s Wi-Fi controller chips affects its ThinkPad...
product. What is the Broadcom flaw, and how can it be used by attackers?
Broadcom's Wi-Fi controller chips are vulnerable to a critical memory flaw. Attackers can exploit the Broadcom flaw to cause remote chip control or denial-of-service (DoS) attacks in the Lenovo ThinkPad. Gaining access to the memory in the chip is not required, and very little knowledge or skill is necessary to render all the radio resources useless.
The Broadcom flaw allows attackers to create a malformed Radio Resource Management (IEEE 802.11k) Neighbor Report frame that contains measurements of radio resources. Successful exploitation can trigger an internal buffer overflow in the Wi-Fi controller chips, enabling attackers to insert a backdoor into the chip's firmware (CVE-2017-11120). After gaining remote control, attackers can send a series of read/write commands through this backdoor, and then the internal buffer overflow will prevent clients from sending legitimate neighbor reports to each other.
Attackers can also use over-the-air Fast Transition, also known as Fast Roaming/Fast BSS Transition (IEEE 802.11r), frames to cause DoS problems by triggering heap or stack overflows (CVE-2017-11121). This protocol reduces the length of time it takes to re-establish connectivity between a laptop and the Wi-Fi infrastructure, as both the length of time it takes to re-connect to Wi-Fi and the interruptions visible to the human eye would cause the user to be suspicious.
By using heap and stack overflows in memory, the stack can either grow into the heap or overrun it. Some heap chucks are created when certain memory functions are freed after the initialization of the chip's firmware, while other data and patches to the memory can be adversely impacted.
Ask the expert:
Want to ask Judith Myerson a question about security? Submit your question now via email. (All questions are anonymous.)
Dig Deeper on Wireless network security
Related Q&A from Judith Myerson
Multiple Border Gateway Protocol vulnerabilities were found impacting security in the Quagga routing software. Expert Judith Myerson explains how ... Continue Reading
ICS-CERT issued a warning about a new vulnerability in Nortek Linear eMerge E3 products. Discover what this vulnerability is and how it affects ... Continue Reading
Threat actors exploited a critical Cisco firewall vulnerability that received a CVSS score of 10. Discover how this flaw works and how it was ... Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.