In the Linux kernel, the following vulnerability has been resolved:
wifi: brcmfmac: cfg80211: Handle SSID based pmksa deletion
Since commit 1efdba5fdc2c ("Handle PMKSA flush in the driver for SAE/OWE offload cases"), wpa_supplicant 2.11 sends SSID-based PMKSA del commands. brcmfmac is not prepared for these and tries to dereference the NULL bssid and pmkid pointers in cfg80211_pmksa, i.e. a NULL pointer dereference in the kernel driver. PMKID_V3 operations support SSID-based updates, so the fix copies the SSID.
{ "vanir_signatures": [ { "deprecated": false, "signature_type": "Line", "target": { "file": "drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c" }, "signature_version": "v1", "digest": { "line_hashes": [ "129041429193745174566760357419166769300", "232497008754842859851586657377279741285", "143950719730805241086654554133113084538", "269853215248918103581672381907231522725", "340186769950725491341743458219262743310", "63773869086612191641821805787170050006" ], "threshold": 0.9 }, "id": "CVE-2024-46672-13a1bad8", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@1f566eb912d192c83475a919331aea59619e1197" }, { "deprecated": false, "signature_type": "Line", "target": { "file": "drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c" }, "signature_version": "v1", "digest": { "line_hashes": [ "129041429193745174566760357419166769300", "232497008754842859851586657377279741285", "143950719730805241086654554133113084538", "269853215248918103581672381907231522725", "340186769950725491341743458219262743310", "63773869086612191641821805787170050006" ], "threshold": 0.9 }, "id": "CVE-2024-46672-9d1ed93e", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@4291f94f8c6b01505132c22ee27b59ed27c3584f" }, { "deprecated": false, "signature_type": "Function", "target": { "file": "drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c", "function": "brcmf_pmksa_v3_op" }, "signature_version": "v1", "digest": { "length": 801.0, "function_hash": "102014703708907256529977331799625626313" }, "id": "CVE-2024-46672-b2f34b89", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@1f566eb912d192c83475a919331aea59619e1197" }, { "deprecated": false, "signature_type": "Function", "target": { "file": "drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c", "function": "brcmf_pmksa_v3_op" }, "signature_version": "v1", "digest": { "length": 801.0, "function_hash": "102014703708907256529977331799625626313" 
}, "id": "CVE-2024-46672-e073c576", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@4291f94f8c6b01505132c22ee27b59ed27c3584f" } ] }