Welcome to an important update from LinuxPatch concerning a recently discovered security flaw in the Linux kernel: CVE-2024-46672, a medium-severity vulnerability in the brcmfmac driver, which is part of the kernel's wireless management functionality. Here, we will go over what this vulnerability means, how it impacts users, and what measures can be taken to mitigate its effects.
The Linux kernel, the core of many computers and network devices running Linux, includes a component known as the brcmfmac driver. This driver handles communication over WiFi networks. It supports a broad range of WiFi devices, particularly those using Broadcom's chipset solutions, which makes it a critical component for wireless connectivity on many Linux-powered computers and devices.
Recently, a flaw labeled CVE-2024-46672 was identified in this driver. The vulnerability is linked to the way the brcmfmac driver interacts with network settings and security protocols, in particular how it manages SSID-based PMKID (Pairwise Master Key Identifier) operations. The issue came to light after updates to wpa_supplicant, a key software component managing network security in Linux, which began sending SSID-based PMKSA (Pairwise Master Key Security Association) deletion commands. The brcmfmac driver was not equipped to handle these commands properly, leading to potential null pointer dereferences, an operation that could destabilize the system or leak sensitive information.
The problem starts when wpa_supplicant (version 2.11 and later, following the update 1efdba5fdc2c) sends PMKSA deletion commands that identify the entry by SSID instead of by the previously used BSSID or PMKID. The brcmfmac driver expects a BSSID or PMKID as the reference, so when it receives SSID-based input those fields are absent and it attempts to dereference null pointers. Consequently, this flaw, if exploited, could disrupt network operations or expose network security settings to unauthorized access.
The overall risk presented by CVE-2024-46672 is considered medium, with a CVSS (Common Vulnerability Scoring System) score of 5.5. It primarily threatens to impact the stability and security of network connections, with potential risks including system crashes or unauthorized data access within compromised WiFi networks.
To address and safeguard against the vulnerability outlined in CVE-2024-46672, Linux users are advised to update their Linux kernel to the latest version where this flaw has been addressed. Users should ensure that their system's package manager is configured to receive and apply security updates automatically. Additionally, manual patching may be required for systems that are not set to update automatically, or that use a custom-configured kernel.
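For network administrators and users who manage their WiFi settings manually, it is important to monitor the versions of both the Linux kernel and the wpa_supplicant software. Ensure that your systems are running wpa_supplicant version 2.11 or newer, and review your system logs periodically to detect any abnormal behaviors or unauthorized access attempts. Because wpa_supplicant 2.11 and later are the releases that send the SSID-based deletion commands described above, pair any wpa_supplicant upgrade with a kernel that contains the fix.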
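The version monitoring described above can be scripted. The following is an added example, not code from LinuxPatch or the kernel project: it reports whether both conditions named in this article hold on a host (brcmfmac loaded and wpa_supplicant 2.11 or later). The function names and verdict strings are made up for illustration, and because this article does not state which kernel release contains the fix, the script cannot confirm that the fix is present.

```shell
#!/bin/sh
# Added example: exposure triage for CVE-2024-46672 (not LinuxPatch or kernel code).

# Succeeds if the `wpa_supplicant -v` banner in $1 reports 2.11 or later, the
# releases the advisory says send SSID-based PMKSA deletion commands.
# Returns 1 for older releases and 2 if the banner is not recognised.
wpa_sends_ssid_pmksa_del() {
    ver=$(printf '%s\n' "$1" |
        sed -n 's/^wpa_supplicant v\([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1 \2/p' |
        head -n 1)
    [ -n "$ver" ] || return 2
    set -- $ver                          # $1 = major, $2 = minor
    [ "$1" -gt 2 ] || { [ "$1" -eq 2 ] && [ "$2" -ge 11 ]; }
}

# Succeeds if the module list text in $1 (/proc/modules format) has brcmfmac loaded.
# The trailing space keeps dependency columns and longer module names from matching.
brcmfmac_loaded() {
    printf '%s\n' "$1" | grep -q '^brcmfmac '
}

# Prints a verdict for banner $1 and module list $2.
pmksa_exposure() {
    if ! brcmfmac_loaded "$2"; then
        echo "not-applicable"            # driver not loaded
        return 0
    fi
    wpa_sends_ssid_pmksa_del "$1" && rc=0 || rc=$?
    case $rc in
        0) echo "trigger-present" ;;     # confirm the running kernel carries the fix
        1) echo "trigger-absent" ;;      # a supplicant upgrade would change this
        *) echo "unknown-supplicant" ;;  # no banner: check the version by hand
    esac
}

if [ "${1:-}" = "--live" ]; then
    # Live host. A brcmfmac built into the kernel does not appear in /proc/modules.
    pmksa_exposure "$(wpa_supplicant -v 2>/dev/null)" "$(cat /proc/modules)"
else
    # Constructed sample data so the script runs offline.
    sample='cfg80211 1048576 1 brcmfmac, Live 0x0000000000000000
brcmfmac 327680 0 - Live 0x0000000000000000'
    pmksa_exposure "wpa_supplicant v2.11" "$sample"   # trigger-present
    pmksa_exposure "wpa_supplicant v2.10" "$sample"   # trigger-absent
fi
```

Run it with `--live` to check the current host; without arguments it only evaluates the constructed sample.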
Although CVE-2024-46672 poses a moderate risk, proactive management and regular updates are key to ensuring that systems remain secure. By keeping abreast of updates and maintaining system software responsibly, Linux users can safeguard their devices against potential exploits stemming from this vulnerability. At LinuxPatch, we are committed to providing you with up-to-date and thorough information on such vulnerabilities as part of our service, empowering you to manage your technology securely and effectively.
Stay informed, stay secure, and remember, updating your system is the first line of defense against potential security threats.