8f746d1044
FIX: [mac80211] prevent mixed key and fragment cache attacks (CVE-2020-24586, CVE-2020-24587)
FIX: [mac80211] properly handle A-MSDUs that start with an RFC 1042 header
FIX: [mac80211] Mitigate A-MSDU injection attacks (CVE-2020-24588)
FIX: [mac80211] drop A-MSDUs completely with old ciphers. (CVE-2020-24588)
FIX: [mac80211] add fragment cache to sta_info
FIX: [mac80211] check defrag PN against current frame
FIX: [mac80211] prevent attacks on TKIP/WEP as well
FIX: [mac80211] do not accept/forward invalid EAPOL frames
FIX: [mac80211] extend protection against mixed key and fragment cache attacks (CVE-2020-24586, CVE-2020-24587)
FIX: [mac80211] ath10k: add CCMP PN replay protection for fragmented frames for PCIe
FIX: [mac80211] ath10k: drop fragments with multicast DA for PCIe (CVE-2020-26145)
FIX: [mac80211] ath10k: drop fragments with multicast DA for SDIO (CVE-2020-26145)
FIX: [mac80211] ath10k: drop MPDU which has discard flag set by firmware for SDIO (CVE-2020-24588)
FIX: [mac80211] ath10k: Fix TKIP Michael MIC verification for PCIe (CVE-2020-26141)
FIX: [mac80211] ath10k: Validate first subframe of A-MSDU before processing the list
FIX: [wl18xx] firmware: updated to version 8.9.0.0.88 (Fixes related to Wi-Fi FragAttacks - FRagmentation and AGgregation Attacks)
BugzId: 72727
(cherry picked from commit
|
||
|---|---|---|
| conf | ||
| recipes-connectivity | ||
| recipes-devtools/flex | ||
| recipes-firmware | ||
| recipes-kernel/mac80211 | ||