Re: Drivers for Qualcomm wifi chips (ath*k) and security issues

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi Ben,

On Tue, Aug 24, 2021 at 12:37 AM Ben Greear <greearb@xxxxxxxxxxxxxxx> wrote:
>
> On 8/23/21 7:08 AM, Pali Rohár wrote:
> > Hello Sasha and Greg!
> >
> > Last week I sent request for backporting ath9k wifi fixes for security
> > issue CVE-2020-3702 into stable LTS kernels because Qualcomm/maintainers
> > did not it for more months... details are in email:
> > https://lore.kernel.org/stable/20210818084859.vcs4vs3yd6zetmyt@pali/t/#u
>
> For one thing, almost everyone using these radios is using openwrt or
> similar which has its own patch sets.

For reference, according to Debian's own security tracker, only
CVE-2020-26139 is patched on all but the most ancient tracked release:

https://security-tracker.debian.org/tracker/CVE-2020-26139 (fixed in
all but the most ancient release)
https://security-tracker.debian.org/tracker/CVE-2020-3702 (all tracked
kernels are vulnerable)
https://security-tracker.debian.org/tracker/CVE-2020-26145 (only
testing/unstable is fixed)
https://security-tracker.debian.org/tracker/CVE-2020-26141 (only
testing/unstable is fixed)

Debian Buster has a 4.19 kernel and they only released Bullseye, it's
successor, a couple of weeks ago, so there's probably a
not-insignificant number of PCs out there still running kernels that
old, and I understand that they'll be supporting Buster with security
fixes for approximately another year:
https://www.debian.org/security/faq#lifespan

Thanks,

-- 
Julian Calaby

Email: julian.calaby@xxxxxxxxx
Profile: http://www.google.com/profiles/julian.calaby/




[Index of Archives]     [Linux Kernel]     [Kernel Development Newbies]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite Hiking]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux