From: "Toke Høiland-Jørgensen" <toke@redhat.com>
To: "Pali Rohár" <pali@kernel.org>,
ath10k@lists.infradead.org, ath9k-devel@qca.qualcomm.com,
linux-wireless@vger.kernel.org,
"Kalle Valo" <kvalo@codeaurora.org>
Subject: Re: CVE-2020-3702: Firmware updates for ath9k and ath10k chips
Date: Wed, 12 Aug 2020 11:17:47 +0200 [thread overview]
Message-ID: <87lfik1av8.fsf@toke.dk> (raw)
In-Reply-To: <20200812083600.6zxdf5pfktdzggd6@pali>
Pali Rohár <pali@kernel.org> writes:
> On Monday 10 August 2020 11:01:26 Pali Rohár wrote:
>> Hello!
>>
>> ESET engineers on their blog published some information about new
>> security vulnerability CVE-2020-3702 in ath9k wifi cards:
>> https://www.welivesecurity.com/2020/08/06/beyond-kr00k-even-more-wifi-chips-vulnerable-eavesdropping/
>>
>> According to Qualcomm security bulletin this CVE-2020-3702 affects also
>> some Qualcomm IPQ chips which are handled by ath10k driver:
>> https://www.qualcomm.com/company/product-security/bulletins/august-2020-security-bulletin#_cve-2020-3702
>>
>> Kalle, could you or other people from Qualcomm provide updated and fixed
>> version of ath9k and ath10k firmwares in linux-firmware git repository?
>>
>> According to Qualcomm security bulletin this issue has Critical security
>> rating, so I think fixed firmware files should be updated also in stable
>> releases of linux distributions.
>
> Hello!
>
> Qualcomm has already sent following statement to media:
>
> Qualcomm has already made mitigations available to OEMs in May 2020,
> and we encourage end users to update their devices as patches have
> become available from OEMs.
>
> And based on information from ESET blog post, Qualcomm's proprietary
> driver for these wifi cards is fixed since Qualcomm July release.
>
> Could somebody react and provide some details when fixes would be
> available for ath9k and ath10k Linux drivers? And what is current state
> of this issue for Linux?
>
> I'm looking at ath9k and ath10k git trees [1] [2] [3] and I do not see
> there any change which could be related to CVE-2020-3702.
How about these, from March:
a0761a301746 ("mac80211: drop data frames without key on encrypted links")
ce2e1ca70307 ("mac80211: Check port authorization in the ieee80211_tx_dequeue() case")
b16798f5b907 ("mac80211: mark station unauthorized before key removal")
-Toke
_______________________________________________
ath10k mailing list
ath10k@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/ath10k
WARNING: multiple messages have this Message-ID (diff)
From: "Toke Høiland-Jørgensen" <toke@redhat.com>
To: "Pali Rohár" <pali@kernel.org>,
ath10k@lists.infradead.org, ath9k-devel@qca.qualcomm.com,
linux-wireless@vger.kernel.org,
"Kalle Valo" <kvalo@codeaurora.org>
Subject: Re: CVE-2020-3702: Firmware updates for ath9k and ath10k chips
Date: Wed, 12 Aug 2020 11:17:47 +0200 [thread overview]
Message-ID: <87lfik1av8.fsf@toke.dk> (raw)
In-Reply-To: <20200812083600.6zxdf5pfktdzggd6@pali>
Pali Rohár <pali@kernel.org> writes:
> On Monday 10 August 2020 11:01:26 Pali Rohár wrote:
>> Hello!
>>
>> ESET engineers on their blog published some information about new
>> security vulnerability CVE-2020-3702 in ath9k wifi cards:
>> https://www.welivesecurity.com/2020/08/06/beyond-kr00k-even-more-wifi-chips-vulnerable-eavesdropping/
>>
>> According to Qualcomm security bulletin this CVE-2020-3702 affects also
>> some Qualcomm IPQ chips which are handled by ath10k driver:
>> https://www.qualcomm.com/company/product-security/bulletins/august-2020-security-bulletin#_cve-2020-3702
>>
>> Kalle, could you or other people from Qualcomm provide updated and fixed
>> version of ath9k and ath10k firmwares in linux-firmware git repository?
>>
>> According to Qualcomm security bulletin this issue has Critical security
>> rating, so I think fixed firmware files should be updated also in stable
>> releases of linux distributions.
>
> Hello!
>
> Qualcomm has already sent following statement to media:
>
> Qualcomm has already made mitigations available to OEMs in May 2020,
> and we encourage end users to update their devices as patches have
> become available from OEMs.
>
> And based on information from ESET blog post, Qualcomm's proprietary
> driver for these wifi cards is fixed since Qualcomm July release.
>
> Could somebody react and provide some details when fixes would be
> available for ath9k and ath10k Linux drivers? And what is current state
> of this issue for Linux?
>
> I'm looking at ath9k and ath10k git trees [1] [2] [3] and I do not see
> there any change which could be related to CVE-2020-3702.
How about these, from March:
a0761a301746 ("mac80211: drop data frames without key on encrypted links")
ce2e1ca70307 ("mac80211: Check port authorization in the ieee80211_tx_dequeue() case")
b16798f5b907 ("mac80211: mark station unauthorized before key removal")
-Toke
next prev parent reply other threads:[~2020-08-12 9:20 UTC|newest]
Thread overview: 26+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-08-10 9:01 CVE-2020-3702: Firmware updates for ath9k and ath10k chips Pali Rohár
2020-08-10 9:01 ` Pali Rohár
2020-08-12 8:36 ` Pali Rohár
2020-08-12 8:36 ` Pali Rohár
2020-08-12 9:17 ` Toke Høiland-Jørgensen [this message]
2020-08-12 9:17 ` Toke Høiland-Jørgensen
2020-08-12 9:23 ` Jouni Malinen
2020-08-12 9:23 ` Jouni Malinen
2020-08-12 9:32 ` Michał Kazior
2020-08-12 9:32 ` Michał Kazior
2020-08-29 11:48 ` Baptiste Jonglez
2020-09-07 15:46 ` Kalle Valo
2020-10-07 8:25 ` Pali Rohár
2020-10-07 8:25 ` Pali Rohár
2020-12-07 14:04 ` Pali Rohár
2020-12-07 14:04 ` Pali Rohár
2020-12-14 17:41 ` Jouni Malinen
2020-12-14 17:41 ` Jouni Malinen
2020-12-17 9:35 ` Pali Rohár
2020-12-17 9:35 ` Pali Rohár
2020-08-12 9:31 ` Pali Rohár
2020-08-12 9:31 ` Pali Rohár
2020-08-17 9:58 ` Kalle Valo
2020-08-17 9:58 ` Kalle Valo
2020-08-17 10:36 ` Pali Rohár
2020-08-17 10:36 ` Pali Rohár
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87lfik1av8.fsf@toke.dk \
--to=toke@redhat.com \
--cc=ath10k@lists.infradead.org \
--cc=ath9k-devel@qca.qualcomm.com \
--cc=kvalo@codeaurora.org \
--cc=linux-wireless@vger.kernel.org \
--cc=pali@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.