Issue metadata
Sign in to add a comment
|
Security: Firmware bug in Broadcom WiFi firmware CVE-2017-11121 |
||||||||||||||||||||||||
Issue descriptionThere's a vulnerability in Broadcom WiFi firmware, which Broadcom tracks as "V2017061205 / CVE-2017-11121 - fbt buffer overrun in aes keywrap and gtk update". The bug amounts to remotely-executable buffer overflows in the firmware, potentially allowing the attacker to execute code in the context of the firmware. Only mitigating factor is that the BCM 4354 parts are hooked up via SDIO with the system so don't have DMA capabilities. We'll require updated firmware from Broadcom to pick up the fix, which Terry is going to provide.
,
Sep 4 2017
Firmware in comment #2 working fine in basic testing. CL to pull it in: https://chromium-review.googlesource.com/c/chromium/src/+/641553
,
Sep 4 2017
I included the wrong CL link in comment #2, apologies. Correct CL is https://chromium-review.googlesource.com/649366
,
Sep 4 2017
,
Sep 4 2017
Adding Sameer and Kirtika.
,
Sep 5 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/third_party/linux-firmware/+/5648a83c2dd5e4a98eb52c464992668f8dc6ae7f commit 5648a83c2dd5e4a98eb52c464992668f8dc6ae7f Author: Mattias Nissler <mnissler@chromium.org> Date: Tue Sep 05 20:44:04 2017 Update brcmfmac4354 firmware to version 7.81.2 BUG= chromium:761785 TEST=WiFi connection successful with new firmware. Change-Id: I1d6dcf0f72fa65e4176f02c2385ecea599fb05d0 Reviewed-on: https://chromium-review.googlesource.com/649366 Commit-Ready: Mattias Nissler <mnissler@chromium.org> Tested-by: Mattias Nissler <mnissler@chromium.org> Reviewed-by: Jorge Lucangeli Obes <jorgelo@chromium.org> [modify] https://crrev.com/5648a83c2dd5e4a98eb52c464992668f8dc6ae7f/brcm/brcmfmac4354-sdio.bin
,
Sep 5 2017
,
Sep 5 2017
This bug requires manual review: Request affecting a post-stable build Please contact the milestone owner if you have questions. Owners: amineer@(Android), cmasso@(iOS), ketakid@(ChromeOS), govind@(Desktop) For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Sep 6 2017
+Bernie for 62.
,
Sep 6 2017
,
Sep 6 2017
,
Sep 6 2017
Approving merge to M61 and M62.
,
Sep 7 2017
Note that there's another pending firmware update per issue 762487 . I'll hold off with the merges for now until we have the final fixed firmware images.
,
Sep 11 2017
This issue has been approved for a merge. Please merge the fix to any appropriate branches as soon as possible! If all merges have been completed, please remove any remaining Merge-Approved labels from this issue. Thanks for your time! To disable nags, add the Disable-Nags label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Sep 12 2017
Duplicating since this is superseded by a subsequent firmware update.
,
Sep 15 2017
This issue has been approved for a merge. Please merge the fix to any appropriate branches as soon as possible! If all merges have been completed, please remove any remaining Merge-Approved labels from this issue. Thanks for your time! To disable nags, add the Disable-Nags label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Sep 15 2017
No merges required, merges for issue 762487 took care of things.
,
Dec 20 2017
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot |
|||||||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||||||
Comment 1 by terry-ht...@broadcom.com
, Sep 4 2017589 KB
589 KB Download