CVE-2020-3702: Firmware updates for ath9k and ath10k chips

public inbox for linux-wireless@vger.kernel.org
 help / color / mirror / Atom feed

From: "Pali Rohár" <pali@kernel.org>
To: ath10k@lists.infradead.org, ath9k-devel@qca.qualcomm.com,
	linux-wireless@vger.kernel.org, Kalle Valo <kvalo@codeaurora.org>
Subject: CVE-2020-3702: Firmware updates for ath9k and ath10k chips
Date: Mon, 10 Aug 2020 11:01:26 +0200	[thread overview]
Message-ID: <20200810090126.mtu3uocpcjg5se5e@pali> (raw)

Hello!

ESET engineers on their blog published some information about new
security vulnerability CVE-2020-3702 in ath9k wifi cards:
https://www.welivesecurity.com/2020/08/06/beyond-kr00k-even-more-wifi-chips-vulnerable-eavesdropping/

According to Qualcomm security bulletin this CVE-2020-3702 affects also
some Qualcomm IPQ chips which are handled by ath10k driver:
https://www.qualcomm.com/company/product-security/bulletins/august-2020-security-bulletin#_cve-2020-3702

Kalle, could you or other people from Qualcomm provide updated and fixed
version of ath9k and ath10k firmwares in linux-firmware git repository?

According to Qualcomm security bulletin this issue has Critical security
rating, so I think fixed firmware files should be updated also in stable
releases of linux distributions.

next             reply	other threads:[~2020-08-10  9:01 UTC|newest]

Thread overview: 12+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-08-10  9:01 Pali Rohár [this message]
2020-08-12  8:36 ` CVE-2020-3702: Firmware updates for ath9k and ath10k chips Pali Rohár
2020-08-12  9:17   ` Toke Høiland-Jørgensen
2020-08-12  9:23     ` Jouni Malinen
2020-08-12  9:32       ` Michał Kazior
2020-10-07  8:25       ` Pali Rohár
2020-12-07 14:04         ` Pali Rohár
2020-12-14 17:41           ` Jouni Malinen
2020-12-17  9:35             ` Pali Rohár
2020-08-12  9:31     ` Pali Rohár
2020-08-17  9:58 ` Kalle Valo
2020-08-17 10:36   ` Pali Rohár

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20200810090126.mtu3uocpcjg5se5e@pali \
    --to=pali@kernel.org \
    --cc=ath10k@lists.infradead.org \
    --cc=ath9k-devel@qca.qualcomm.com \
    --cc=kvalo@codeaurora.org \
    --cc=linux-wireless@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox