PT-2020-1885 · Cypress+2 · Cypress Wi-Fi Chips+2
Published: 2020-02-05 · Updated: 2024-01-15
CVE-2019-15126
CVSS v3.1: 3.1 (Low)
Vector: AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Broadcom and Cypress Wi-Fi chips (affected versions not specified)
Description
The issue is related to errors in synchronization when using a shared resource in Wi-Fi chipsets from Broadcom. This can allow a remote attacker to gain unauthorized access to protected information. The vulnerability, known as Kr00k, affects the encryption of Wi-Fi devices, allowing unauthorized decryption of some WPA2-encrypted traffic. It is estimated to affect over a billion Wi-Fi devices, including those from major manufacturers such as Apple, Xiaomi, Google, and Samsung. The problem encompasses FullMAC chips, which are used in a wide range of consumer devices, from smartphones to smart speakers and wireless access points.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Time Of Check To Time Of Use
Weakness Enumeration
Related Identifiers
Affected Products
Broadcom Wi-Fi Chips
Cypress Wi-Fi Chips
Suse