Linux Kernel Broadcom BCM4387 Wi-Fi PMK Handling Vulnerability

Vulnerability

A vulnerability in the Linux kernel's handling of the Pairwise Master Key (PMK) for Broadcom Wi-Fi chipsets, specifically the BCM4387, has been addressed. The issue arose because the hex passphrase mechanism was incompatible with newer chips and firmware. The vulnerability allowed uninitialized stack contents to be leaked to the device. The kernel now passes the PMK in binary format, which is compatible with all chipsets, and clears the structure before transmission to prevent data leakage.
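The difference between the two approaches described above can be modelled in userspace C. This is an added example, not the kernel driver's code and not part of the original advisory; `struct pmk_msg`, `MAX_PSK_LEN`, `FLAG_PASSPHRASE` and the `0xA5` stale-memory marker are assumptions made for the sketch.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_PSK_LEN 32          /* assumed size for this sketch */
#define FLAG_PASSPHRASE 0x0001  /* hypothetical "key is hex text" flag */
#define STALE 0xA5              /* constructed stand-in for old stack data */

/* Hypothetical host-to-firmware message; the whole struct is transmitted. */
struct pmk_msg {
    uint16_t key_len;
    uint16_t flags;
    uint8_t key[2 * MAX_PSK_LEN + 1];
};

/* Before: hex-encode the PMK into a struct that was never cleared. */
static void build_hex_uncleared(struct pmk_msg *m, const uint8_t *pmk, size_t n)
{
    m->key_len = (uint16_t)(2 * n);
    m->flags = FLAG_PASSPHRASE;
    for (size_t i = 0; i < n; i++)
        snprintf((char *)&m->key[2 * i], 3, "%02x", pmk[i]);
}

/* After: zero the whole struct, then copy the PMK as raw bytes. */
static void build_binary_cleared(struct pmk_msg *m, const uint8_t *pmk, size_t n)
{
    memset(m, 0, sizeof(*m));
    m->key_len = (uint16_t)n;
    memcpy(m->key, pmk, n);
}

/* Count bytes of the outgoing buffer that still carry the stale marker. */
static size_t stale_bytes(int cleared, size_t n)
{
    struct pmk_msg m;
    uint8_t pmk[MAX_PSK_LEN], *raw = (uint8_t *)&m;
    size_t count = 0;

    if (n > MAX_PSK_LEN)
        return (size_t)-1;          /* reject keys that would overflow key[] */
    memset(&m, STALE, sizeof(m));   /* simulate reused stack memory */
    for (size_t i = 0; i < sizeof(pmk); i++)
        pmk[i] = (uint8_t)i;        /* constructed sample key */
    (cleared ? build_binary_cleared : build_hex_uncleared)(&m, pmk, n);
    for (size_t i = 0; i < sizeof(m); i++)
        count += (raw[i] == STALE);
    return count;
}
```

Calling `stale_bytes(0, 16)` reports how many bytes of pre-existing memory would have gone out with a 16-byte key under the uncleared hex path, while `stale_bytes(1, 16)` shows the cleared binary path sends none.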

Impact

The vulnerability could lead to improper handling of the PMK, potentially causing authentication issues or allowing unauthorized access to Wi-Fi networks by mismanaging encryption keys.

Reproduction

The vulnerability can be reproduced by using a device with a Broadcom BCM4387 Wi-Fi chipset and attempting to set the PMK using the hex passphrase mechanism, which will not work correctly on this hardware. The previous method of passing the PMK in binary can be used to demonstrate the correct functionality, highlighting the issue with the hex conversion.

Remediation

Users can update to the latest version of the Linux kernel where this vulnerability has been fixed. Instructions for downloading the patched kernel are available on the official Linux kernel website.

Added: Oct 22, 2025, 2:45 PM
Updated: Oct 22, 2025, 2:45 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 0.6
exploitability: 5.7
remediation: 7.7
relevance: 0.8
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.