From: Kalle Valo <kvalo@codeaurora.org>
To: Baptiste Jonglez <baptiste@bitsofnetworks.org>
Cc: openwrt-devel@lists.openwrt.org, ath10k@lists.infradead.org
Subject: Re: CVE-2020-3702: Firmware updates for ath9k and ath10k chips
Date: Mon, 7 Sep 2020 15:46:18 +0000 [thread overview]
Message-ID: <01010174693f1d4b-1239b285-00f1-48af-af8e-2feba23e115f-000000@us-west-2.amazonses.com> (raw)
In-Reply-To: <20200829114833.GC574887@tuxmachine.localdomain> (Baptiste Jonglez's message of "Sat, 29 Aug 2020 13:48:33 +0200")
Baptiste Jonglez <baptiste@bitsofnetworks.org> writes:
> Hi,
>
> Cross-posting to openwrt-devel because we are backporting the necessary fixes.
>
> On 12-08-20, Jouni Malinen wrote:
>> On Wed, Aug 12, 2020 at 11:17:47AM +0200, Toke H?iland-J?rgensen wrote:
>> > Pali Roh?r <pali at kernel.org> writes:
>> > > Could somebody react and provide some details when fixes would be
>> > > available for ath9k and ath10k Linux drivers? And what is current state
>> > > of this issue for Linux?
>> > >
>> > > I'm looking at ath9k and ath10k git trees [1] [2] [3] and I do not see
>> > > there any change which could be related to CVE-2020-3702.
>> >
>> > How about these, from March:
>> >
>> > a0761a301746 ("mac80211: drop data frames without key on encrypted links")
>> > ce2e1ca70307 ("mac80211: Check port authorization in the
>> > ieee80211_tx_dequeue() case")
>> > b16798f5b907 ("mac80211: mark station unauthorized before key removal")
>>
>> Those cover most of the identified issues for drivers using mac80211
>> (e.g., ath9k and ath10k; though, I don't remember whether I actually
>> ever managed to reproduce this with ath10k in practice). I have couple
>> of additional ath9k-specific patches that cover additional lower layer
>> paths for this. I hope to get those out after confirming they work with
>> the current kernel tree snapshot.
>
> I could find linux-stable backports for ce2e1ca70307 and b16798f5b907, but
> not for a0761a301746. Is it intended? From the commit message, it looks
> like it does fix an important issue.
>
> Also, for the sake of completeness, this subsequent commit is also related
> to CVE-2020-3702 (and already backported):
>
> 5981fe5b0529 ("mac80211: fix misplaced while instead of if")
I think you should ask the stable to also take commit a0761a301746, most
likely they just missed it by accident.
--
https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches
_______________________________________________
ath10k mailing list
ath10k@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/ath10k
next prev parent reply other threads:[~2020-09-07 15:46 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-08-10 9:01 CVE-2020-3702: Firmware updates for ath9k and ath10k chips Pali Rohár
2020-08-12 8:36 ` Pali Rohár
2020-08-12 9:17 ` Toke Høiland-Jørgensen
2020-08-12 9:23 ` Jouni Malinen
2020-08-12 9:32 ` Michał Kazior
2020-08-29 11:48 ` Baptiste Jonglez
2020-09-07 15:46 ` Kalle Valo [this message]
2020-10-07 8:25 ` Pali Rohár
2020-12-07 14:04 ` Pali Rohár
2020-12-14 17:41 ` Jouni Malinen
2020-12-17 9:35 ` Pali Rohár
2020-08-12 9:31 ` Pali Rohár
2020-08-17 9:58 ` Kalle Valo
2020-08-17 10:36 ` Pali Rohár
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=01010174693f1d4b-1239b285-00f1-48af-af8e-2feba23e115f-000000@us-west-2.amazonses.com \
--to=kvalo@codeaurora.org \
--cc=ath10k@lists.infradead.org \
--cc=baptiste@bitsofnetworks.org \
--cc=openwrt-devel@lists.openwrt.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).