CVE-2020-3702: Firmware updates for ath9k and ath10k chips

[Toke Høiland-Jørgensen]

Pali Rohár <pali at kernel.org> writes:

> On Monday 10 August 2020 11:01:26 Pali Rohár wrote:
>> Hello!
>> 
>> ESET engineers on their blog published some information about new
>> security vulnerability CVE-2020-3702 in ath9k wifi cards:
>> https://www.welivesecurity.com/2020/08/06/beyond-kr00k-even-more-wifi-chips-vulnerable-eavesdropping/
>> 
>> According to Qualcomm security bulletin this CVE-2020-3702 affects also
>> some Qualcomm IPQ chips which are handled by ath10k driver:
>> https://www.qualcomm.com/company/product-security/bulletins/august-2020-security-bulletin#_cve-2020-3702
>> 
>> Kalle, could you or other people from Qualcomm provide updated and fixed
>> version of ath9k and ath10k firmwares in linux-firmware git repository?
>> 
>> According to Qualcomm security bulletin this issue has Critical security
>> rating, so I think fixed firmware files should be updated also in stable
>> releases of linux distributions.
>
> Hello!
>
> Qualcomm has already sent following statement to media:
>
>     Qualcomm has already made mitigations available to OEMs in May 2020,
>     and we encourage end users to update their devices as patches have
>     become available from OEMs.
>
> And based on information from ESET blog post, Qualcomm's proprietary
> driver for these wifi cards is fixed since Qualcomm July release.
>
> Could somebody react and provide some details when fixes would be
> available for ath9k and ath10k Linux drivers? And what is current state
> of this issue for Linux?
>
> I'm looking at ath9k and ath10k git trees [1] [2] [3] and I do not see
> there any change which could be related to CVE-2020-3702.

How about these, from March:

a0761a301746 ("mac80211: drop data frames without key on encrypted links")
ce2e1ca70307 ("mac80211: Check port authorization in the ieee80211_tx_dequeue() case")
b16798f5b907 ("mac80211: mark station unauthorized before key removal")

-Toke