[PATCH 18.06] mac80211: Backport fixes for Kr00k vulnerabilities

Baptiste Jonglez baptiste at bitsofnetworks.org
Sat Aug 29 17:36:36 EDT 2020


On 29-08-20, Hauke Mehrtens wrote:
> On 8/29/20 2:02 PM, Baptiste Jonglez wrote:
> > On 28-08-20, Hauke Mehrtens wrote:
> >> This backports some fixes from kernel 5.6 and 4.14.175.
> > 
> > Thanks, I will give this a try.
> > 
> > It's missing two fixes though:
> > 
> > 5981fe5b0529 ("mac80211: fix misplaced while instead of if")

I tested 18.06 with your 3 patches + 4cf1d191f77f8 (the 4.19 backport of
5981fe5b0529).  Everything worked normally on a RB941-2nD with ath9k.

Tested-By: Baptiste Jonglez <git at bitsofnetworks.org>

> I will add this one to 18.06 and 19.07. The others should be in 19.07
> already.
> 
> > a0761a301746 ("mac80211: drop data frames without key on encrypted links")
> 
> This does not apply to kernel < 5.4, see here:
> https://lore.kernel.org/linux-wireless/20200327150342.252AF20748@mail.kernel.org/

Ah, thanks, that explains it.  In that case it makes sense to wait for
this patch to be backported properly, if it's needed at all.

FYI, I tried to trigger the vulnerability on 18.06.7 with ath9k, which
should be vulnerable, but it did not trigger.  Either I'm doing it wrong,
or it's hard/impossible to trigger.

Baptiste
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://lists.openwrt.org/pipermail/openwrt-devel/attachments/20200829/d96812ca/attachment-0001.sig>


More information about the openwrt-devel mailing list