PatchSiren cyber security CVE debrief

CVE-2023-47233 Linux CVE debrief

CVE-2023-47233 affects the Linux kernel’s brcm80211/brcmfmac code path handling device unplugging. NVD rates it 4.3 (medium) and describes it as a use-after-free that may be exploitable by a physically proximate attacker with local access. The issue was published on 2023-11-03 and later modified on 2026-05-12; no KEV entry is present in the supplied data.

Vendor: Linux
Product: CVE-2023-47233
CVSS: MEDIUM 4.3
CISA KEV: Not listed in stored evidence
Original CVE published: 2023-11-03
Original CVE updated: 2026-05-12
Advisory published: 2023-11-03
Advisory updated: 2026-05-12

Who should care

Linux kernel maintainers, distribution security teams, embedded device vendors, and administrators of systems that use Broadcom brcm80211/brcmfmac wireless hardware, especially in environments where an attacker could gain physical access to the host or to its USB devices.

Technical summary

NVD identifies a use-after-free in brcmf_cfg80211_detach on the device unplugging/disconnect path, with related context in brcmf_cfg80211_escan_timeout_worker in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c. The supplied CPE range marks Linux kernel versions through 6.5.10 as vulnerable, and the weakness is classified as CWE-416. The CVSS vector AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H describes a physical attack vector with low attack complexity, low privileges required, no user interaction and unchanged scope; the scored impact is high on availability and none on confidentiality or integrity, which is consistent with a crash or hang rather than data disclosure.

Defensive priority

Medium. The CVE is not marked as KEV in the supplied data, but it affects kernel code and is reachable through a physical-device disconnect scenario, so patching and backport verification should be treated as important for physically exposed systems.

Recommended defensive actions

  • Upgrade to a kernel build that includes the upstream fix referenced by the supplied Linux commit link, or confirm your vendor has backported the fix.
  • Check whether your distribution’s security advisory covers this CVE and whether the fix is present in the exact kernel build you deploy.
  • Reduce physical access to systems where Broadcom brcm80211/brcmfmac hardware is present, especially hosts exposed to shared or unattended environments.
  • If you maintain affected kernel trees, review the upstream patch and ensure the unplug/disconnect lifecycle no longer permits use-after-free conditions.
  • Track vendor advisories and LTS notices for backported packages affecting your platform.

Evidence notes

All statements are limited to the supplied NVD record and linked official references. The vulnerable component, version boundary, weakness class, CVSS vector, and physical/local attack framing come from the NVD data. The upstream fix reference is the kernel commit linked in the source corpus, and vendor/distribution references are taken from the supplied advisory links. No exploit details, reproduction steps, or unverified claims are included.

Official resources

CVE published 2023-11-03 and modified 2026-05-12. The supplied data does not indicate KEV listing or ransomware campaign use.