Date: Wed, 18 Aug 2021 10:48:59 +0200
From: Pali Rohár
To: stable@vger.kernel.org
Cc: Greg KH, Sasha Levin, Kalle Valo, linux-wireless@vger.kernel.org
Subject: Backporting CVE-2020-3702 ath9k patches to stable
Message-ID: <20210818084859.vcs4vs3yd6zetmyt@pali>

Hello!

I would like to request backporting of the following ath9k commits, which
fix the CVE-2020-3702 issue.

56c5485c9e44 ("ath: Use safer key clearing with key cache entries")
73488cb2fa3b ("ath9k: Clear key cache explicitly on disabling hardware")
d2d3e36498dd ("ath: Export ath_hw_keysetmac()")
144cd24dbc36 ("ath: Modify ath_key_delete() to not need full key entry")
ca2848022c12 ("ath9k: Postpone key cache entry deletion for TXQ frames reference it")

See also:
https://lore.kernel.org/linux-wireless/87o8hvlx5g.fsf@codeaurora.org/

This CVE-2020-3702 issue affects the ath9k driver in stable kernel versions.
Due to this issue, Qualcomm suggests not using the open source ath9k
driver and instead using their proprietary driver, which does not have this
issue.

Details about CVE-2020-3702 are described in the ESET blog post:
https://www.welivesecurity.com/2020/08/06/beyond-kr00k-even-more-wifi-chips-vulnerable-eavesdropping/

Two months ago ESET tested the above-mentioned commits applied on top of the
4.14 stable tree and confirmed that the issue cannot be reproduced anymore
with those patches. The commits applied cleanly on top of the 4.14 stable
tree without the need for any modification.