with the yocto update from dunfell to kirkstone (the new LTS
version) several things needed to be changed.
Signed-off-by: Marc Mattmueller <marc.mattmueller@netmodule.com>
FIX: [mac80211] prevent mixed key and fragment cache attacks (CVE-2020-24586, CVE-2020-24587)
FIX: [mac80211] properly handle A-MSDUs that start with an RFC 1042 header
FIX: [mac80211] Mitigate A-MSDU injection attacks (CVE-2020-24588)
FIX: [mac80211] drop A-MSDUs completely with old ciphers. (CVE-2020-24588)
FIX: [mac80211] add fragment cache to sta_info
FIX: [mac80211] check defrag PN against current frame
FIX: [mac80211] prevent attacks on TKIP/WEP as well
FIX: [mac80211] do not accept/forward invalid EAPOL frames
FIX: [mac80211] extend protection against mixed key and fragment cache attacks (CVE-2020-24586, CVE-2020-24587)
FIX: [mac80211] ath10k: add CCMP PN replay protection for fragmented frames for PCIe
FIX: [mac80211] ath10k: drop fragments with multicast DA for PCIe (CVE-2020-26145)
FIX: [mac80211] ath10k: drop fragments with multicast DA for SDIO (CVE-2020-26145)
FIX: [mac80211] ath10k: drop MPDU which has discard flag set by firmware for SDIO (CVE-2020-24588)
FIX: [mac80211] ath10k: Fix TKIP Michael MIC verification for PCIe (CVE-2020-26141)
FIX: [mac80211] ath10k: Validate first subframe of A-MSDU before processing the list
FIX: [mac80211] ath11k: Clear the fragment cache during key install (CVE-2020-24587)
FIX: [mac80211] ath11k: Drop multicast fragments
FIX: [wl18xx] firmware: updated to version 8.9.0.0.88 (Fixes related to Wi-Fi FragAttacks - FRagmentation and AGgregation Attacks)
BugzId: 72727
Felix Kopf
Marc Mattmueller
Patrick Walther