Received: by 2002:a05:6a10:a0d1:0:0:0:0 with SMTP id j17csp305367pxa; Wed, 12 Aug 2020 02:26:30 -0700 (PDT) X-Google-Smtp-Source: ABdhPJyGIgfGfVmWRT2L+h3uWSP5LQ53PgfmUDcPtWEdgi8gNCAZZhoIdiTVQ8A1Fzfl0hVUwhJA X-Received: by 2002:aa7:c34d:: with SMTP id j13mr29883635edr.209.1597224390598; Wed, 12 Aug 2020 02:26:30 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1597224390; cv=none; d=google.com; s=arc-20160816; b=CAO6OeR9Zrgvs7NXxYhGR26SFJ3qfawaO2GmWioDMIr1+h0fqMD+Z7LdVMvdQc1tsV YLzSibAhPWop0lVQJmlCoxuqlvIpphxgG5gXJqwlRafSddZ+whKx0aBgaxmPlMhBWzxf usItcT+2FLzoXM4ADtzS5ukwjrI6LNvkMr4CD9Sf1RpTSBMycwbGwR8N/zMKXzgvFQ92 A6rdIxsXdwklJEvqPwahhsbfblPs450GXf31PgB/+eDEJtychnwexq8lCqDHueg4zoOz eVIj6hPvEf2OCeGDOFmch0L7DSbJNgsjlioB5q8oZJideVSiYCUFdFadm8fVMI4/hoYT mtzw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:in-reply-to:content-transfer-encoding :content-disposition:mime-version:references:message-id:subject:cc :to:from:date; bh=zSxUkKN48ReDQfPmlw5ue/J1B8YpSkRu4JnGE2P8BFY=; b=mH0Nu7FPv1GPMm471ANvr7a78L3RKWrhCiQB+UQ/fwOF55MHEpVERZCJBsYYrlv0jW 0nRv9yvuFcco6/x5VGhde4iXS5eSG12+DlNUiCnWM9KkTju8gpEmAb3X+nSK0ycH6dOR QpacuvRBYJn87FEU4rHo/mws0AhidXBX57KoCm7/kaAidSs1Rd1eqhU0vCxlEQVqhM9p twfPnnGf23AoX/rXIXKxGchuA0oJaEMDYfKPF9A0paHt7cJZD1zf0lz2IN/WI92pL1aZ 73hws6VOSe64O1Cifif50K8qcQR0U2J1E1iUVYNPy/xcOmo1i+VVg439mjxHgm2LPSpE lABQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-wireless-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-wireless-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id u7si779107ejn.161.2020.08.12.02.26.06; Wed, 12 Aug 2020 02:26:30 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-wireless-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-wireless-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-wireless-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727061AbgHLJZw (ORCPT + 99 others); Wed, 12 Aug 2020 05:25:52 -0400 Received: from mail.w1.fi ([212.71.239.96]:51338 "EHLO li674-96.members.linode.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726409AbgHLJZv (ORCPT ); Wed, 12 Aug 2020 05:25:51 -0400 Received: from localhost (localhost [127.0.0.1]) by li674-96.members.linode.com (Postfix) with ESMTP id 546EA119DD; Wed, 12 Aug 2020 09:25:50 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at w1.fi Received: from li674-96.members.linode.com ([127.0.0.1]) by localhost (mail.w1.fi [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id umUOe7D2X-bP; Wed, 12 Aug 2020 09:25:48 +0000 (UTC) Received: by jm (sSMTP sendmail emulation); Wed, 12 Aug 2020 12:23:34 +0300 Date: Wed, 12 Aug 2020 12:23:34 +0300 From: Jouni Malinen To: Toke =?utf-8?Q?H=C3=B8iland-J=C3=B8rgensen?= Cc: Pali =?utf-8?B?Um9ow6Fy?= , ath10k@lists.infradead.org, ath9k-devel@qca.qualcomm.com, linux-wireless@vger.kernel.org, Kalle Valo Subject: Re: CVE-2020-3702: Firmware updates for ath9k and ath10k chips Message-ID: <20200812092334.GA17878@w1.fi> References: <20200810090126.mtu3uocpcjg5se5e@pali> <20200812083600.6zxdf5pfktdzggd6@pali> <87lfik1av8.fsf@toke.dk> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <87lfik1av8.fsf@toke.dk> Sender: linux-wireless-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-wireless@vger.kernel.org On Wed, Aug 12, 2020 at 11:17:47AM +0200, Toke Høiland-Jørgensen wrote: > Pali Rohár writes: > > Could somebody react and provide some details when fixes would be > > available for ath9k and ath10k Linux drivers? And what is current state > > of this issue for Linux? > > > > I'm looking at ath9k and ath10k git trees [1] [2] [3] and I do not see > > there any change which could be related to CVE-2020-3702. > > How about these, from March: > > a0761a301746 ("mac80211: drop data frames without key on encrypted links") > ce2e1ca70307 ("mac80211: Check port authorization in the ieee80211_tx_dequeue() case") > b16798f5b907 ("mac80211: mark station unauthorized before key removal") Those cover most of the identified issues for drivers using mac80211 (e.g., ath9k and ath10k; though, I don't remember whether I actually ever managed to reproduce this with ath10k in practice). I have couple of additional ath9k-specific patches that cover additional lower layer paths for this. I hope to get those out after confirming they work with the current kernel tree snapshot. -- Jouni Malinen PGP id EFC895FA