Re: Backporting CVE-2020-3702 ath9k patches to stable

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, Aug 18, 2021 at 10:48:59AM +0200, Pali Rohár wrote:
> Hello! I would like to request for backporting following ath9k commits
> which are fixing CVE-2020-3702 issue.
> 
> 56c5485c9e44 ("ath: Use safer key clearing with key cache entries")
> 73488cb2fa3b ("ath9k: Clear key cache explicitly on disabling hardware")
> d2d3e36498dd ("ath: Export ath_hw_keysetmac()")
> 144cd24dbc36 ("ath: Modify ath_key_delete() to not need full key entry")
> ca2848022c12 ("ath9k: Postpone key cache entry deletion for TXQ frames reference it")
> 
> See also:
> https://lore.kernel.org/linux-wireless/87o8hvlx5g.fsf@xxxxxxxxxxxxxx/
> 
> This CVE-2020-3702 issue affects ath9k driver in stable kernel versions.
> And due to this issue Qualcomm suggests to not use open source ath9k
> driver and instead to use their proprietary driver which do not have
> this issue.
> 
> Details about CVE-2020-3702 are described on the ESET blog post:
> https://www.welivesecurity.com/2020/08/06/beyond-kr00k-even-more-wifi-chips-vulnerable-eavesdropping/
> 
> Two months ago ESET tested above mentioned commits applied on top of
> 4.14 stable tree and confirmed that issue cannot be reproduced anymore
> with those patches. Commits were applied cleanly on top of 4.14 stable
> tree without need to do any modification.

What stable tree(s) do you want to see these go into?

And what order are the above commits to be applied in, top-to-bottom or
bottom-to-top?

thanks,

greg k-h



[Index of Archives]     [Linux Kernel]     [Kernel Development Newbies]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite Hiking]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux