On Thursday 17 December 2020 06:51:48 Kalle Valo wrote: > Jouni Malinen <jouni@xxxxxxxxxxxxxx> wrote: > > > It is possible for there to be pending frames in TXQs with a reference > > to the key cache entry that is being deleted. If such a key cache entry > > is cleared, those pending frame in TXQ might get transmitted without > > proper encryption. It is safer to leave the previously used key into the > > key cache in such cases. Instead, only clear the MAC address to prevent > > RX processing from using this key cache entry. > > > > This is needed in particularly in AP mode where the TXQs cannot be > > flushed on station disconnection. This change alone may not be able to > > address all cases where the key cache entry might get reused for other > > purposes immediately (the key cache entry should be released for reuse > > only once the TXQs do not have any remaining references to them), but > > this makes it less likely to get unprotected frames and the more > > complete changes may end up being significantly more complex. > > > > Signed-off-by: Jouni Malinen <jouni@xxxxxxxxxxxxxx> > > Signed-off-by: Kalle Valo <kvalo@xxxxxxxxxxxxxx> > > 5 patches applied to ath-next branch of ath.git, thanks. > > 56c5485c9e44 ath: Use safer key clearing with key cache entries > 73488cb2fa3b ath9k: Clear key cache explicitly on disabling hardware > d2d3e36498dd ath: Export ath_hw_keysetmac() > 144cd24dbc36 ath: Modify ath_key_delete() to not need full key entry > ca2848022c12 ath9k: Postpone key cache entry deletion for TXQ frames reference it Hello! Should not these patches be suitable for backporting into stable kernels (via CC: stable@ commit message line) as they are related to security issue CVE-2020-3702?
