CVE-2024-46672

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2024-46672
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-46672.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-46672
Downstream
Related
Published
2024-09-11T15:14:01Z
Modified
2025-10-15T14:44:20.558083Z
Summary
wifi: brcmfmac: cfg80211: Handle SSID based pmksa deletion
Details

In the Linux kernel, the following vulnerability has been resolved:

wifi: brcmfmac: cfg80211: Handle SSID based pmksa deletion

wpasupplicant 2.11 sends since 1efdba5fdc2c ("Handle PMKSA flush in the driver for SAE/OWE offload cases") SSID based PMKSA del commands. brcmfmac is not prepared and tries to dereference the NULL bssid and pmkid pointers in cfg80211pmksa. PMKID_V3 operations support SSID based updates so copy the SSID.

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
a96202acaea47fa8377088e0952bb63bd02a3bab
Fixed
4291f94f8c6b01505132c22ee27b59ed27c3584f
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
a96202acaea47fa8377088e0952bb63bd02a3bab
Fixed
1f566eb912d192c83475a919331aea59619e1197
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
a96202acaea47fa8377088e0952bb63bd02a3bab
Fixed
2ad4e1ada8eebafa2d75a4b75eeeca882de6ada1

Affected versions

v6.*

v6.10
v6.10-rc1
v6.10-rc2
v6.10-rc3
v6.10-rc4
v6.10-rc5
v6.10-rc6
v6.10-rc7
v6.10.1
v6.10.2
v6.10.3
v6.10.4
v6.10.5
v6.10.6
v6.11-rc1
v6.11-rc2
v6.2
v6.3
v6.3-rc1
v6.3-rc2
v6.3-rc3
v6.3-rc4
v6.3-rc5
v6.3-rc6
v6.3-rc7
v6.4
v6.4-rc1
v6.4-rc2
v6.4-rc3
v6.4-rc4
v6.4-rc5
v6.4-rc6
v6.4-rc7
v6.5
v6.5-rc1
v6.5-rc2
v6.5-rc3
v6.5-rc4
v6.5-rc5
v6.5-rc6
v6.5-rc7
v6.6
v6.6-rc1
v6.6-rc2
v6.6-rc3
v6.6-rc4
v6.6-rc5
v6.6-rc6
v6.6-rc7
v6.6.1
v6.6.10
v6.6.11
v6.6.12
v6.6.13
v6.6.14
v6.6.15
v6.6.16
v6.6.17
v6.6.18
v6.6.19
v6.6.2
v6.6.20
v6.6.21
v6.6.22
v6.6.23
v6.6.24
v6.6.25
v6.6.26
v6.6.27
v6.6.28
v6.6.29
v6.6.3
v6.6.30
v6.6.31
v6.6.32
v6.6.33
v6.6.34
v6.6.35
v6.6.36
v6.6.37
v6.6.38
v6.6.39
v6.6.4
v6.6.40
v6.6.41
v6.6.42
v6.6.43
v6.6.44
v6.6.45
v6.6.46
v6.6.47
v6.6.5
v6.6.6
v6.6.7
v6.6.8
v6.6.9
v6.7
v6.7-rc1
v6.7-rc2
v6.7-rc3
v6.7-rc4
v6.7-rc5
v6.7-rc6
v6.7-rc7
v6.7-rc8
v6.8
v6.8-rc1
v6.8-rc2
v6.8-rc3
v6.8-rc4
v6.8-rc5
v6.8-rc6
v6.8-rc7
v6.9
v6.9-rc1
v6.9-rc2
v6.9-rc3
v6.9-rc4
v6.9-rc5
v6.9-rc6
v6.9-rc7

Database specific 

{
    "vanir_signatures": [
        {
            "deprecated": false,
            "signature_type": "Line",
            "target": {
                "file": "drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c"
            },
            "signature_version": "v1",
            "digest": {
                "line_hashes": [
                    "129041429193745174566760357419166769300",
                    "232497008754842859851586657377279741285",
                    "143950719730805241086654554133113084538",
                    "269853215248918103581672381907231522725",
                    "340186769950725491341743458219262743310",
                    "63773869086612191641821805787170050006"
                ],
                "threshold": 0.9
            },
            "id": "CVE-2024-46672-13a1bad8",
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@1f566eb912d192c83475a919331aea59619e1197"
        },
        {
            "deprecated": false,
            "signature_type": "Line",
            "target": {
                "file": "drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c"
            },
            "signature_version": "v1",
            "digest": {
                "line_hashes": [
                    "129041429193745174566760357419166769300",
                    "232497008754842859851586657377279741285",
                    "143950719730805241086654554133113084538",
                    "269853215248918103581672381907231522725",
                    "340186769950725491341743458219262743310",
                    "63773869086612191641821805787170050006"
                ],
                "threshold": 0.9
            },
            "id": "CVE-2024-46672-9d1ed93e",
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@4291f94f8c6b01505132c22ee27b59ed27c3584f"
        },
        {
            "deprecated": false,
            "signature_type": "Function",
            "target": {
                "file": "drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c",
                "function": "brcmf_pmksa_v3_op"
            },
            "signature_version": "v1",
            "digest": {
                "length": 801.0,
                "function_hash": "102014703708907256529977331799625626313"
            },
            "id": "CVE-2024-46672-b2f34b89",
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@1f566eb912d192c83475a919331aea59619e1197"
        },
        {
            "deprecated": false,
            "signature_type": "Function",
            "target": {
                "file": "drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c",
                "function": "brcmf_pmksa_v3_op"
            },
            "signature_version": "v1",
            "digest": {
                "length": 801.0,
                "function_hash": "102014703708907256529977331799625626313"
            },
            "id": "CVE-2024-46672-e073c576",
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@4291f94f8c6b01505132c22ee27b59ed27c3584f"
        }
    ]
}

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.4.0
Fixed
6.6.48
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.10.7