Unrated severityNVD Advisory· Published Feb 5, 2020· Updated Aug 5, 2024

CVE-2019-15126

Description

An issue was discovered on Broadcom Wi-Fi client devices. Specifically timed and handcrafted traffic can cause internal errors (related to state transitions) in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic, a different vulnerability than CVE-2019-9500, CVE-2019-9501, CVE-2019-9502, and CVE-2019-9503.

Affected products

113

Broadcom/Wi-Fi client devicesdescription
osv-coords112 versions
pkg:rpm/opensuse/kernel-debug&distro=openSUSE%20Leap%2015.3 pkg:rpm/opensuse/kernel-default&distro=openSUSE%20Leap%2015.3 pkg:rpm/opensuse/kernel-firmware&distro=openSUSE%20Leap%2015.2 pkg:rpm/opensuse/kernel-kvmsmall&distro=openSUSE%20Leap%2015.3 pkg:rpm/opensuse/kernel-vanilla&distro=openSUSE%20Leap%2015.3 pkg:rpm/opensuse/kernel-zfcpdump&distro=openSUSE%20Leap%2015.3 pkg:rpm/suse/bcm43xx-firmware&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4-LTSS pkg:rpm/suse/bcm43xx-firmware&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5 pkg:rpm/suse/bcm43xx-firmware&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5 pkg:rpm/suse/kernel-azure&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5 pkg:rpm/suse/kernel-azure&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5 pkg:rpm/suse/kernel-default&distro=SUSE%20Enterprise%20Storage%206 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2012%20SP4 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2012%20SP5 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2015 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2015%20SP1 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-ESPOS pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSS pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-ESPOS pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-LTSS pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2012%20SP4 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2012%20SP5 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP1 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4-LTSS pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-BCL pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSS pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%2015-LTSS pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP1 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP5 pkg:rpm/suse/kernel-default&distro=SUSE%20OpenStack%20Cloud%209 pkg:rpm/suse/kernel-default&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209 pkg:rpm/suse/kernel-docs&distro=SUSE%20Enterprise%20Storage%206 pkg:rpm/suse/kernel-docs&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-ESPOS pkg:rpm/suse/kernel-docs&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSS pkg:rpm/suse/kernel-docs&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-ESPOS pkg:rpm/suse/kernel-docs&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-LTSS pkg:rpm/suse/kernel-docs&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-BCL pkg:rpm/suse/kernel-docs&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSS pkg:rpm/suse/kernel-docs&distro=SUSE%20Linux%20Enterprise%20Server%2015-LTSS pkg:rpm/suse/kernel-docs&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015 pkg:rpm/suse/kernel-docs&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP1 pkg:rpm/suse/kernel-docs&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5 pkg:rpm/suse/kernel-firmware&distro=SUSE%20Linux%20Enterprise%20Micro%205.0 pkg:rpm/suse/kernel-firmware&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP2 pkg:rpm/suse/kernel-firmware&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5 pkg:rpm/suse/kernel-firmware&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5 pkg:rpm/suse/kernel-livepatch-SLE15-SP1_Update_28&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP1 pkg:rpm/suse/kernel-livepatch-SLE15_Update_27&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015 pkg:rpm/suse/kernel-obs-build&distro=SUSE%20Enterprise%20Storage%206 pkg:rpm/suse/kernel-obs-build&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-ESPOS pkg:rpm/suse/kernel-obs-build&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSS pkg:rpm/suse/kernel-obs-build&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-ESPOS pkg:rpm/suse/kernel-obs-build&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-LTSS pkg:rpm/suse/kernel-obs-build&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-BCL pkg:rpm/suse/kernel-obs-build&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSS pkg:rpm/suse/kernel-obs-build&distro=SUSE%20Linux%20Enterprise%20Server%2015-LTSS pkg:rpm/suse/kernel-obs-build&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015 pkg:rpm/suse/kernel-obs-build&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP1 pkg:rpm/suse/kernel-obs-build&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5 pkg:rpm/suse/kernel-rt_debug&distro=SUSE%20Linux%20Enterprise%20Real%20Time%2012%20SP5 pkg:rpm/suse/kernel-rt&distro=SUSE%20Linux%20Enterprise%20Real%20Time%2012%20SP5 pkg:rpm/suse/kernel-source-azure&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5 pkg:rpm/suse/kernel-source-azure&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5 pkg:rpm/suse/kernel-source&distro=SUSE%20Enterprise%20Storage%206 pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-ESPOS pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSS pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-ESPOS pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-LTSS pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4-LTSS pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5 pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-BCL pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSS pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%2015-LTSS pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4 pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5 pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015 pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP1 pkg:rpm/suse/kernel-source&distro=SUSE%20OpenStack%20Cloud%209 pkg:rpm/suse/kernel-source&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209 pkg:rpm/suse/kernel-source-rt&distro=SUSE%20Linux%20Enterprise%20Real%20Time%2012%20SP5 pkg:rpm/suse/kernel-syms-azure&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5 pkg:rpm/suse/kernel-syms-azure&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5 pkg:rpm/suse/kernel-syms&distro=SUSE%20Enterprise%20Storage%206 pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-ESPOS pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSS pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-ESPOS pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-LTSS pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4-LTSS pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5 pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-BCL pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSS pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%2015-LTSS pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4 pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5 pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015 pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP1 pkg:rpm/suse/kernel-syms&distro=SUSE%20OpenStack%20Cloud%209 pkg:rpm/suse/kernel-syms&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209 pkg:rpm/suse/kernel-syms-rt&distro=SUSE%20Linux%20Enterprise%20Real%20Time%2012%20SP5 pkg:rpm/suse/kernel-vanilla&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-ESPOS pkg:rpm/suse/kernel-vanilla&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-LTSS pkg:rpm/suse/kernel-vanilla&distro=SUSE%20Linux%20Enterprise%20Server%2015-LTSS pkg:rpm/suse/kernel-vanilla&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015 pkg:rpm/suse/kernel-zfcpdump&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSS pkg:rpm/suse/kernel-zfcpdump&distro=SUSE%20Linux%20Enterprise%20Server%2015-LTSS pkg:rpm/suse/kgraft-patch-SLE12-SP4_Update_24&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2012%20SP4 pkg:rpm/suse/kgraft-patch-SLE12-SP5_Update_27&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2012%20SP5
< 4.12.14-197.105.1+ 111 more
- (no CPE)range: < 4.12.14-197.105.1
- (no CPE)range: < 4.12.14-197.105.1
- (no CPE)range: < 20200107-lp152.2.9.1
- (no CPE)range: < 4.12.14-197.105.1
- (no CPE)range: < 4.12.14-197.105.1
- (no CPE)range: < 4.12.14-197.105.1
- (no CPE)range: < 20180314-4.6.1
- (no CPE)range: < 20180314-4.6.1
- (no CPE)range: < 20180314-4.6.1
- (no CPE)range: < 4.12.14-16.85.1
- (no CPE)range: < 4.12.14-16.85.1
- (no CPE)range: < 4.12.14-197.105.1
- (no CPE)range: < 4.12.14-95.88.1
- (no CPE)range: < 4.12.14-122.106.1
- (no CPE)range: < 4.12.14-150.83.1
- (no CPE)range: < 4.12.14-197.105.1
- (no CPE)range: < 4.12.14-197.105.1
- (no CPE)range: < 4.12.14-197.105.1
- (no CPE)range: < 4.12.14-150.83.1
- (no CPE)range: < 4.12.14-150.83.1
- (no CPE)range: < 4.12.14-95.88.1
- (no CPE)range: < 4.12.14-122.106.1
- (no CPE)range: < 4.12.14-150.83.1
- (no CPE)range: < 4.12.14-197.105.1
- (no CPE)range: < 4.12.14-95.88.1
- (no CPE)range: < 4.12.14-122.106.1
- (no CPE)range: < 4.12.14-197.105.1
- (no CPE)range: < 4.12.14-197.105.1
- (no CPE)range: < 4.12.14-150.83.1
- (no CPE)range: < 4.12.14-95.88.1
- (no CPE)range: < 4.12.14-122.106.1
- (no CPE)range: < 4.12.14-150.83.1
- (no CPE)range: < 4.12.14-197.105.1
- (no CPE)range: < 4.12.14-122.106.1
- (no CPE)range: < 4.12.14-95.88.1
- (no CPE)range: < 4.12.14-95.88.1
- (no CPE)range: < 4.12.14-197.105.1
- (no CPE)range: < 4.12.14-197.105.1
- (no CPE)range: < 4.12.14-197.105.1
- (no CPE)range: < 4.12.14-150.83.1
- (no CPE)range: < 4.12.14-150.83.1
- (no CPE)range: < 4.12.14-197.105.1
- (no CPE)range: < 4.12.14-197.105.1
- (no CPE)range: < 4.12.14-150.83.1
- (no CPE)range: < 4.12.14-150.83.1
- (no CPE)range: < 4.12.14-197.105.1
- (no CPE)range: < 4.12.14-122.106.1
- (no CPE)range: < 20200107-3.23.1
- (no CPE)range: < 20200107-3.23.1
- (no CPE)range: < 20190618-5.17.1
- (no CPE)range: < 20190618-5.17.1
- (no CPE)range: < 1-3.3.1
- (no CPE)range: < 1-1.5.1
- (no CPE)range: < 4.12.14-197.105.1
- (no CPE)range: < 4.12.14-197.105.1
- (no CPE)range: < 4.12.14-197.105.1
- (no CPE)range: < 4.12.14-150.83.1
- (no CPE)range: < 4.12.14-150.83.1
- (no CPE)range: < 4.12.14-197.105.1
- (no CPE)range: < 4.12.14-197.105.1
- (no CPE)range: < 4.12.14-150.83.1
- (no CPE)range: < 4.12.14-150.83.1
- (no CPE)range: < 4.12.14-197.105.1
- (no CPE)range: < 4.12.14-122.106.1
- (no CPE)range: < 4.12.14-10.73.1
- (no CPE)range: < 4.12.14-10.73.1
- (no CPE)range: < 4.12.14-16.85.1
- (no CPE)range: < 4.12.14-16.85.1
- (no CPE)range: < 4.12.14-197.105.1
- (no CPE)range: < 4.12.14-197.105.1
- (no CPE)range: < 4.12.14-197.105.1
- (no CPE)range: < 4.12.14-150.83.1
- (no CPE)range: < 4.12.14-150.83.1
- (no CPE)range: < 4.12.14-95.88.1
- (no CPE)range: < 4.12.14-122.106.1
- (no CPE)range: < 4.12.14-197.105.1
- (no CPE)range: < 4.12.14-197.105.1
- (no CPE)range: < 4.12.14-150.83.1
- (no CPE)range: < 4.12.14-95.88.1
- (no CPE)range: < 4.12.14-122.106.1
- (no CPE)range: < 4.12.14-150.83.1
- (no CPE)range: < 4.12.14-197.105.1
- (no CPE)range: < 4.12.14-95.88.1
- (no CPE)range: < 4.12.14-95.88.1
- (no CPE)range: < 4.12.14-10.73.1
- (no CPE)range: < 4.12.14-16.85.1
- (no CPE)range: < 4.12.14-16.85.1
- (no CPE)range: < 4.12.14-197.105.1
- (no CPE)range: < 4.12.14-197.105.1
- (no CPE)range: < 4.12.14-197.105.1
- (no CPE)range: < 4.12.14-150.83.1
- (no CPE)range: < 4.12.14-150.83.1
- (no CPE)range: < 4.12.14-95.88.1
- (no CPE)range: < 4.12.14-122.106.1
- (no CPE)range: < 4.12.14-197.105.1
- (no CPE)range: < 4.12.14-197.105.1
- (no CPE)range: < 4.12.14-150.83.1
- (no CPE)range: < 4.12.14-95.88.1
- (no CPE)range: < 4.12.14-122.106.1
- (no CPE)range: < 4.12.14-150.83.1
- (no CPE)range: < 4.12.14-197.105.1
- (no CPE)range: < 4.12.14-95.88.1
- (no CPE)range: < 4.12.14-95.88.1
- (no CPE)range: < 4.12.14-10.73.1
- (no CPE)range: < 4.12.14-150.83.1
- (no CPE)range: < 4.12.14-150.83.1
- (no CPE)range: < 4.12.14-150.83.1
- (no CPE)range: < 4.12.14-150.83.1
- (no CPE)range: < 4.12.14-197.105.1
- (no CPE)range: < 4.12.14-150.83.1
- (no CPE)range: < 1-6.5.1
- (no CPE)range: < 1-8.3.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200226-wi-fi-info-disclosuremitrevendor-advisoryx_refsource_CISCO
packetstormsecurity.com/files/156809/Broadcom-Wi-Fi-KR00K-Proof-Of-Concept.htmlmitrex_refsource_MISC
www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-003.txtmitrex_refsource_CONFIRM
www.huawei.com/en/psirt/security-advisories/huawei-sa-20200527-01-wifi-enmitrex_refsource_CONFIRM
www.huawei.com/en/psirt/security-notices/huawei-sn-20200228-01-kr00k-enmitrex_refsource_CONFIRM
cert-portal.siemens.com/productcert/pdf/ssa-712518.pdfmitrex_refsource_CONFIRM
psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0001mitrex_refsource_CONFIRM
support.apple.com/kb/HT210721mitrex_refsource_CONFIRM
support.apple.com/kb/HT210722mitrex_refsource_CONFIRM
support.apple.com/kb/HT210788mitrex_refsource_CONFIRM
us-cert.cisa.gov/ics/advisories/icsa-20-224-05mitrex_refsource_MISC
www.mist.com/documentation/mist-security-advisory-kr00k-attack-faq/mitrex_refsource_CONFIRM
www.synology.com/security/advisory/Synology_SA_20_03mitrex_refsource_CONFIRM

News mentions

Supply chain dependencies: Have you checked your blind spot?
ESET WeLiveSecurity · Apr 16, 2026

cvss	0.000
epss	0.007
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000