Hi Ben, > Ben Hutchings <ben@xxxxxxxxxxxxxxx> hat am 27. August 2017 um 17:14 geschrieben: > > > The CVE-2017-9417 aka "Broadpwn" vulnerability is said to affect the > firmware for various Broadcom BCM43xx wifi chips, some of which are > supported by the in-tree brcmfmac driver and firmware in linux- > firmware.git. > > The bcmdhd driver for Android was patched to improve validation of > events from the firmware: > https://android.googlesource.com/kernel/msm.git/+/android-6.0.1_r0.92%5E!/ > But the event handling code in > drivers/net/wireless/broadcom/brcm80211/brcmfmac/fweh.c still seems to > lack most of those checks. Should it be patched? > > I also haven't seen any related updates for BCM43xx firmware in linux- > firmware.git. Is any of this firmware vulnerable? according to this comment [1] at least 43438 is affected. [1] - https://github.com/raspberrypi/linux/issues/1342#issuecomment-321221748 > > Ben. > > -- > Ben Hutchings > Teamwork is essential - it allows you to blame someone else.
