CVE-2024-46672: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved:

wifi: brcmfmac: cfg80211: Handle SSID based pmksa deletion

wpa_supplicant 2.11 sends since 1efdba5fdc2c ("Handle PMKSA flush in the driver for SAE/OWE offload cases") SSID based PMKSA del commands. brcmfmac is not prepared and tries to dereference the NULL bssid and pmkid pointers in cfg80211_pmksa. PMKID_V3 operations support SSID based updates so copy the SSID.
AI Analysis
Technical Summary
CVE-2024-46672 is a vulnerability in the Linux kernel's wireless networking stack, specifically in the brcmfmac driver, which supports Broadcom FullMAC Wi-Fi chips. The issue arises from improper handling of SSID-based PMKSA (Pairwise Master Key Security Association) deletion commands sent by wpa_supplicant version 2.11 and later. Since commit 1efdba5fdc2c, wpa_supplicant sends SSID-based PMKSA deletion commands to the driver to handle SAE (Simultaneous Authentication of Equals) and OWE (Opportunistic Wireless Encryption) offload cases. The brcmfmac driver was not prepared for these SSID-based commands and attempts to dereference the BSSID and PMKID pointers in the cfg80211_pmksa structure, which are NULL in such a request. The result is a NULL pointer dereference in the kernel, which can cause system instability or crashes. The vulnerability stems from a mismatch between wpa_supplicant's new behavior and the brcmfmac driver's handling of PMKSA operations; PMKID_V3 operations already support SSID-based updates, so the fix copies the SSID rather than dereferencing the NULL pointers. No known exploits are reported in the wild at the time of publication, and no CVSS score has been assigned yet.
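The defect class described above, shown as a simplified userspace model; this is an added illustration, not the brcmfmac source or the upstream patch. Field names follow the kernel's struct cfg80211_pmksa, while the entry layout, constants and function names are assumptions made for the example.

```c
#include <stdint.h>
#include <string.h>

#define ETH_ALEN  6
#define PMKID_LEN 16
#define SSID_MAX  32

/* Model of the request handed to the driver. Field names follow the kernel's
 * struct cfg80211_pmksa; everything else in this file is hypothetical. */
struct pmksa_req {
    const uint8_t *bssid, *pmkid;   /* both NULL in an SSID-based request */
    const uint8_t *ssid;            /* NULL in a BSSID-based request */
    size_t ssid_len;
};

struct fw_pmk_entry {               /* illustrative firmware list entry */
    uint8_t bssid[ETH_ALEN], pmkid[PMKID_LEN], ssid[SSID_MAX];
    uint8_t pmkid_len, ssid_len;
};

/* Unguarded pattern: assumes bssid and pmkid are always set. An SSID-based
 * delete passes NULL for both, so each memcpy dereferences NULL. */
int fill_entry_unguarded(struct fw_pmk_entry *e, const struct pmksa_req *r)
{
    memset(e, 0, sizeof(*e));
    memcpy(e->bssid, r->bssid, ETH_ALEN);
    memcpy(e->pmkid, r->pmkid, PMKID_LEN);
    e->pmkid_len = PMKID_LEN;
    return 0;
}

/* Guarded pattern: copy only the selectors that are present, copy the SSID
 * when given, and reject empty requests or an out-of-range SSID length. */
int fill_entry_checked(struct fw_pmk_entry *e, const struct pmksa_req *r)
{
    memset(e, 0, sizeof(*e));
    if ((!r->bssid && !r->pmkid && !r->ssid) ||
        (r->ssid && (r->ssid_len == 0 || r->ssid_len > SSID_MAX)))
        return -1;
    if (r->bssid)
        memcpy(e->bssid, r->bssid, ETH_ALEN);
    if (r->pmkid) {
        memcpy(e->pmkid, r->pmkid, PMKID_LEN);
        e->pmkid_len = PMKID_LEN;
    }
    if (r->ssid) {
        memcpy(e->ssid, r->ssid, r->ssid_len);
        e->ssid_len = (uint8_t)r->ssid_len;
    }
    return 0;
}
```

For BSSID-based requests the two functions produce identical entries; they differ only on the SSID-based request, which the guarded version turns into an SSID selector instead of a NULL read.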
Potential Impact
For European organizations, this vulnerability poses a risk primarily to systems running Linux kernels with the affected brcmfmac driver and using wpa_supplicant 2.11 or later. The impact includes potential denial of service (DoS) conditions due to kernel crashes triggered by malformed or unexpected PMKSA deletion commands. This could disrupt wireless network connectivity, affecting operational continuity, especially in environments relying heavily on Wi-Fi connectivity for critical services. Confidentiality and integrity impacts are less direct but could arise if attackers leverage the DoS to facilitate further attacks or gain footholds during recovery phases. Organizations with extensive Linux-based infrastructure, including IoT devices, embedded systems, or enterprise servers using Broadcom Wi-Fi chipsets, are at higher risk. The lack of known exploits suggests limited immediate threat, but the vulnerability could be weaponized in targeted attacks or automated scanning campaigns once public details become widespread.
Mitigation Recommendations
To mitigate this vulnerability, European organizations should:
1) Identify and inventory Linux systems using the brcmfmac driver and wpa_supplicant version 2.11 or later.
2) Apply the latest Linux kernel patches that address this issue as soon as they become available from trusted sources or vendor distributions.
3) Temporarily disable or restrict the use of Wi-Fi interfaces relying on the brcmfmac driver in sensitive environments if patching is delayed.
4) Monitor network and system logs for unusual PMKSA deletion commands or kernel errors related to cfg80211_pmksa.
5) Employ network segmentation to isolate vulnerable devices and limit exposure.
6) Engage with hardware and Linux distribution vendors to ensure timely updates and guidance.
7) Consider deploying host-based intrusion detection systems (HIDS) capable of detecting kernel crashes or anomalies related to wireless driver behavior.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Poland, Italy, Spain
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2024-09-11T15:12:18.247Z
- Cisa Enriched: true
- Cvss Version: null
- State: PUBLISHED
Threat ID: 682d9826c4522896dcbe0f50
Added to database: 5/21/2025, 9:08:54 AM
Last enriched: 6/29/2025, 12:10:03 AM
Last updated: 10/16/2025, 12:41:29 PM