CVE-2020-3702: Firmware updates for ath9k and ath10k chips

Pali Rohár pali at kernel.org
Mon Aug 10 05:01:26 EDT 2020


Hello!

ESET engineers on their blog published some information about new
security vulnerability CVE-2020-3702 in ath9k wifi cards:
https://www.welivesecurity.com/2020/08/06/beyond-kr00k-even-more-wifi-chips-vulnerable-eavesdropping/

According to Qualcomm security bulletin this CVE-2020-3702 affects also
some Qualcomm IPQ chips which are handled by ath10k driver:
https://www.qualcomm.com/company/product-security/bulletins/august-2020-security-bulletin#_cve-2020-3702

Kalle, could you or other people from Qualcomm provide updated and fixed
version of ath9k and ath10k firmwares in linux-firmware git repository?

According to Qualcomm security bulletin this issue has Critical security
rating, so I think fixed firmware files should be updated also in stable
releases of linux distributions.



More information about the ath10k mailing list