Broadpwn CVE-2017-3544 vulnerability

Is the Photon vulnerable to this recently reported issue with Broadcom BCM43XX chips?

Hi @bpr,

CVE-2017-3544 is an SMTP vulnerability in OpenJDK — definitely not applicable to the Photon.

The name “Broadpwn” has been given to CVE-2017-9417. I’ll look into it to find out whether we might be vulnerable. I’ll post a follow-up here.

Thanks for the heads-up!
Zachary

Took me a little digging to find a full description of the vulnerability:
https://blog.exodusintel.com/2017/07/26/broadpwn/

At first glance, I believe the Photon is not affected. The Photon contains a BCM43362. Nitay Artenstein, the discoverer of Broadpwn lists the affected chipsets as being for “high-end smartphones” — definitely a different feature set than the Photon. Here are the specific chipsets they listed:

  • BCM4339
  • BCM4354
  • BCM4358
  • BCM4359
  • BCM4361

As noted in Artenstein’s references, there was a related recent post by Gal Beniamini at Google Project zero. When that was published I talked to Gal and determined that the described bug was not directly applicable to the Photon.

If anyone finds that Broadpwn applies to the BCM43362, don’t hesitate to let me know.

Cheers!
Zachary

7 Likes