
Cloud Vulnerability DB
A community-led vulnerabilities database
CVE-2019-15126, also known as Kr00k, is a vulnerability in Broadcom and Cypress Wi-Fi chips that affects over a billion Wi-Fi-enabled client devices. It was discovered by ESET researchers and disclosed on February 27, 2020. On affected chips, network communication is encrypted with an all-zero encryption key during specific state transitions (HelpNet Security).
The vulnerability manifests when a Wi-Fi disassociation occurs, which can happen naturally because of a weak signal or can be triggered deliberately by an attacker. On a disassociation event, an affected device deletes the negotiated Pairwise Temporal Key (PTK) as part of its cleanup, but Wi-Fi frames still buffered in the hardware egress queue are transmitted anyway, now encrypted with a static, weak PTK (the all-zero key noted above). The result is improper layer 2 Wi-Fi encryption and potential information disclosure over the air, limited to the frames that were buffered at the moment of disassociation (Cisco Advisory).
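The ordering bug described above, modelled as an added example (not ESET's, Broadcom's or this page's own code): a toy client whose firmware clears the key and then drains its egress queue, beside the patched ordering that drops buffered frames first. The keystream function is a constructed stand-in for CCMP, not real AES-CCM, and the frame contents are made up.

```python
import hashlib
from dataclasses import dataclass, field

ZERO_TK = bytes(16)  # the all-zero key that affected chips fall back to after disassociation

def keystream(tk: bytes, pn: int, length: int) -> bytes:
    # Constructed stand-in for the per-frame CCMP keystream (NOT real AES-CCM): output depends on the key.
    out, block = b"", 0
    while len(out) < length:
        out += hashlib.sha256(tk + pn.to_bytes(6, "big") + bytes([block])).digest()
        block += 1
    return out[:length]

def crypt(tk: bytes, pn: int, data: bytes) -> bytes:
    # XOR with the keystream; the same call encrypts and decrypts.
    return bytes(a ^ b for a, b in zip(data, keystream(tk, pn, len(data))))

@dataclass
class ClientModel:
    # Toy model of the chip's TX path: a session key plus a buffered egress queue.
    tk: bytes
    patched: bool                                   # True: drop buffered frames before key teardown
    egress_queue: list = field(default_factory=list)
    air: list = field(default_factory=list)         # (PN, ciphertext) frames actually transmitted
    pn: int = 0

    def drain(self) -> None:
        while self.egress_queue:
            self.pn += 1
            self.air.append((self.pn, crypt(self.tk, self.pn, self.egress_queue.pop(0))))

    def disassociate(self) -> None:
        if self.patched:
            self.egress_queue.clear()   # fix: nothing is left to send once the key is gone
        self.tk = ZERO_TK               # cleanup clears the PTK/TK
        self.drain()                    # vulnerable firmware still transmits what was buffered

def zero_key_readable(air: list, known_plaintexts: set) -> list:
    # Audit check: which transmitted frames decrypt to known content under the all-zero key?
    return [pn for pn, ct in air if crypt(ZERO_TK, pn, ct) in known_plaintexts]

def run_scenario(patched: bool) -> list:
    # One frame sent while associated, two still buffered at disassociation; return leaked PNs.
    frames = [b"sent while associated", b"buffered frame 1", b"buffered frame 2"]
    c = ClientModel(tk=bytes(range(16)), patched=patched)
    c.egress_queue.append(frames[0]); c.drain()
    c.egress_queue += frames[1:]
    c.disassociate()
    return zero_key_readable(c.air, set(frames))
```

With `patched=False` the two buffered frames (PN 2 and 3) are readable under the zero key while the frame sent under the real key is not; with `patched=True` nothing leaks.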
If successfully exploited, this vulnerability allows an attacker within Wi-Fi range to decrypt a limited number of network packets without knowing the WPA2 network password. The impact is limited to information exposure in the few data frames that can be decrypted. It does not compromise end-to-end (SSL) encryption, and it cannot be used to discover the original security key, inject data frames, cause buffer overflows, corrupt memory, or execute arbitrary code (Mist Security).
The primary mitigation is to update affected devices with vendor-provided patches. Major device manufacturers, including Apple and Cisco, have released security updates that address the vulnerability. For devices that cannot be updated, some vendors recommend disabling Wi-Fi where possible. Exploitation requires the attacker to be within Wi-Fi range of the target device (HelpNet Security).
Source: This report was generated using AI