CVE-2019-15126

An issue was discovered on Broadcom Wi-Fi client devices. Specifically timed and handcrafted traffic can cause internal errors (related to state transitions) in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic, a different vulnerability than CVE-2019-9500, CVE-2019-9501, CVE-2019-9502, and CVE-2019-9503.
TOCTOU
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
3.1 LOW
ADJACENT_NETWORK
HIGH
NONE
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 92%
Affected Products (NVD)
VendorProductVersion
appleipados
𝑥
< 13.2
appleiphone_os
𝑥
< 13.2
applemac_os_x
𝑥
< 10.15.1
broadcombcm4389_firmware
-
broadcombcm43012_firmware
-
broadcombcm43013_firmware
-
broadcombcm4375_firmware
-
broadcombcm43752_firmware
-
broadcombcm4356_firmware
-
𝑥
= Vulnerable software versions
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
bcm43xx-firmware-20180314
suse enterprise sap 12 SP5
4.6.1
fixed
suse enterprise server 12 SP4
4.6.1
fixed
suse enterprise server 12 SP5
4.6.1
fixed
kernel-azure
suse enterprise sap 12 SP5
4.12.14-16.85.1
fixed
suse enterprise server 12 SP5
4.12.14-16.85.1
fixed
kernel-azure-base
suse enterprise sap 12 SP5
4.12.14-16.85.1
fixed
suse enterprise server 12 SP5
4.12.14-16.85.1
fixed
kernel-default
suse enterprise sap 12 SP5
4.12.14-122.106.1
fixed
suse enterprise server 12 SP4
4.12.14-95.88.1
fixed
suse enterprise server 12 SP5
4.12.14-122.106.1
fixed
suse enterprise server 15
4.12.14-150.83.1
fixed
suse enterprise server 15 SP1
4.12.14-197.105.1
fixed
kernel-default-base
suse enterprise sap 12 SP5
4.12.14-122.106.1
fixed
suse enterprise server 12 SP4
4.12.14-95.88.1
fixed
suse enterprise server 12 SP5
4.12.14-122.106.1
fixed
suse enterprise server 15
4.12.14-150.83.1
fixed
suse enterprise server 15 SP1
4.12.14-197.105.1
fixed
kernel-default-man
suse enterprise sap 12 SP5
4.12.14-122.106.1
fixed
suse enterprise server 12 SP4
4.12.14-95.88.1
fixed
suse enterprise server 12 SP5
4.12.14-122.106.1
fixed
suse enterprise server 15
4.12.14-150.83.1
fixed
suse enterprise server 15 SP1
4.12.14-197.105.1
fixed
kernel-docs
suse enterprise server 15
4.12.14-150.83.1
fixed
suse enterprise server 15 SP1
4.12.14-197.105.1
fixed
kernel-firmware-20190618
suse enterprise sap 12 SP5
5.17.1
fixed
suse enterprise server 12 SP5
5.17.1
fixed
kernel-firmware-20200107
suse enterprise desktop 15 SP2
3.23.1
fixed
suse enterprise sap 15 SP2
3.23.1
fixed
suse enterprise server 15 SP2
3.23.1
fixed
kernel-macros
suse enterprise sap 12 SP5
4.12.14-122.106.1
fixed
suse enterprise server 12 SP4
4.12.14-95.88.1
fixed
suse enterprise server 12 SP5
4.12.14-122.106.1
fixed
suse enterprise server 15
4.12.14-150.83.1
fixed
suse enterprise server 15 SP1
4.12.14-197.105.1
fixed
kernel-obs-build
suse enterprise server 15
4.12.14-150.83.1
fixed
suse enterprise server 15 SP1
4.12.14-197.105.1
fixed
kernel-source
suse enterprise sap 12 SP5
4.12.14-122.106.1
fixed
suse enterprise server 12 SP4
4.12.14-95.88.1
fixed
suse enterprise server 12 SP5
4.12.14-122.106.1
fixed
suse enterprise server 15
4.12.14-150.83.1
fixed
suse enterprise server 15 SP1
4.12.14-197.105.1
fixed
kernel-source-azure
suse enterprise sap 12 SP5
4.12.14-16.85.1
fixed
suse enterprise server 12 SP5
4.12.14-16.85.1
fixed
kernel-syms
suse enterprise sap 12 SP5
4.12.14-122.106.1
fixed
suse enterprise server 12 SP4
4.12.14-95.88.1
fixed
suse enterprise server 12 SP5
4.12.14-122.106.1
fixed
suse enterprise server 15
4.12.14-150.83.1
fixed
suse enterprise server 15 SP1
4.12.14-197.105.1
fixed
kernel-syms-azure
suse enterprise sap 12 SP5
4.12.14-16.85.1
fixed
suse enterprise server 12 SP5
4.12.14-16.85.1
fixed
kernel-vanilla-base
suse enterprise server 15
4.12.14-150.83.1
fixed
reiserfs-kmp-default
suse enterprise server 15
4.12.14-150.83.1
fixed
suse enterprise server 15 SP1
4.12.14-197.105.1
fixed
ucode-amd-20190618
suse enterprise sap 12 SP5
5.17.1
fixed
suse enterprise server 12 SP5
5.17.1
fixed
ucode-amd-20200107
suse enterprise desktop 15 SP2
3.23.1
fixed
suse enterprise sap 15 SP2
3.23.1
fixed
suse enterprise server 15 SP2
3.23.1
fixed
Common Weakness Enumeration
References
http://packetstormsecurity.com/files/156809/Broadcom-Wi-Fi-KR00K-Proof-Of-Concept.html
http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-003.txt
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200527-01-wifi-en
http://www.huawei.com/en/psirt/security-notices/huawei-sn-20200228-01-kr00k-en
https://cert-portal.siemens.com/productcert/pdf/ssa-712518.pdf
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0001
https://support.apple.com/kb/HT210721
https://support.apple.com/kb/HT210722
https://support.apple.com/kb/HT210788
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200226-wi-fi-info-disclosure
https://us-cert.cisa.gov/ics/advisories/icsa-20-224-05
https://www.mist.com/documentation/mist-security-advisory-kr00k-attack-faq/
https://www.synology.com/security/advisory/Synology_SA_20_03
http://packetstormsecurity.com/files/156809/Broadcom-Wi-Fi-KR00K-Proof-Of-Concept.html
http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-003.txt
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200527-01-wifi-en
http://www.huawei.com/en/psirt/security-notices/huawei-sn-20200228-01-kr00k-en
https://cert-portal.siemens.com/productcert/pdf/ssa-712518.pdf
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0001
https://support.apple.com/kb/HT210721
https://support.apple.com/kb/HT210722
https://support.apple.com/kb/HT210788
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200226-wi-fi-info-disclosure
https://us-cert.cisa.gov/ics/advisories/icsa-20-224-05
https://www.mist.com/documentation/mist-security-advisory-kr00k-attack-faq/
https://www.synology.com/security/advisory/Synology_SA_20_03