path: root/package/kernel/mac80211/patches/subsys/383-cfg80211-mitigate-A-MSDU-aggregation-attacks.patch
author Hauke Mehrtens <hauke@hauke-m.de> 2021-06-05 18:21:57 +0200
committer Hauke Mehrtens <hauke@hauke-m.de> 2021-06-06 17:49:40 +0200
commit 04a260911ca0f10a0e37c487c220e1aae3623dda
tree 1c061dbdfea12c58743d088bf20937d2abc0f605 /package/kernel/mac80211/patches/subsys/383-cfg80211-mitigate-A-MSDU-aggregation-attacks.patch
parent 3c46ba053d899df65dc07e373c64d1925d30f88e
mac80211: Update to backports-5.10.42

The removed patches were integrated upstream.

The brcmf_driver_work workqueue was removed in brcmfmac with kernel 5.10.42, the asynchronous call was converted to a synchronous call. There is no need to wait any more. This part was removed manually from this patch:
brcm/860-brcmfmac-register-wiphy-s-during-module_init.patch

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Diffstat (limited to 'package/kernel/mac80211/patches/subsys/383-cfg80211-mitigate-A-MSDU-aggregation-attacks.patch')
-rw-r--r-- package/kernel/mac80211/patches/subsys/383-cfg80211-mitigate-A-MSDU-aggregation-attacks.patch | 40
1 files changed, 0 insertions, 40 deletions
diff --git a/package/kernel/mac80211/patches/subsys/383-cfg80211-mitigate-A-MSDU-aggregation-attacks.patch b/package/kernel/mac80211/patches/subsys/383-cfg80211-mitigate-A-MSDU-aggregation-attacks.patch
deleted file mode 100644
index 8ea78dca84..0000000000
--- a/package/kernel/mac80211/patches/subsys/383-cfg80211-mitigate-A-MSDU-aggregation-attacks.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-From: Mathy Vanhoef <Mathy.Vanhoef@kuleuven.be>
-Date: Tue, 11 May 2021 20:02:45 +0200
-Subject: [PATCH] cfg80211: mitigate A-MSDU aggregation attacks
-
-Mitigate A-MSDU injection attacks (CVE-2020-24588) by detecting if the
-destination address of a subframe equals an RFC1042 (i.e., LLC/SNAP)
-header, and if so dropping the complete A-MSDU frame. This mitigates
-known attacks, although new (unknown) aggregation-based attacks may
-remain possible.
-
-This defense works because in A-MSDU aggregation injection attacks, a
-normal encrypted Wi-Fi frame is turned into an A-MSDU frame. This means
-the first 6 bytes of the first A-MSDU subframe correspond to an RFC1042
-header. In other words, the destination MAC address of the first A-MSDU
-subframe contains the start of an RFC1042 header during an aggregation
-attack. We can detect this and thereby prevent this specific attack.
-For details, see Section 7.2 of "Fragment and Forge: Breaking Wi-Fi
-Through Frame Aggregation and Fragmentation".
-
-Note that for kernel 4.9 and above this patch depends on "mac80211:
-properly handle A-MSDUs that start with a rfc1042 header". Otherwise
-this patch has no impact and attacks will remain possible.
-
-Cc: stable@vger.kernel.org
-Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@kuleuven.be>
-Signed-off-by: Johannes Berg <johannes.berg@intel.com>
----
-
---- a/net/wireless/util.c
-+++ b/net/wireless/util.c
-@@ -775,6 +775,9 @@ void ieee80211_amsdu_to_8023s(struct sk_
- remaining = skb->len - offset;
- if (subframe_len > remaining)
- goto purge;
-+ /* mitigate A-MSDU aggregation injection attacks */
-+ if (ether_addr_equal(eth.h_dest, rfc1042_header))
-+ goto purge;
-
- offset += sizeof(struct ethhdr);
- last = remaining <= subframe_len + padding;
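
Review bot: The dependency stated in the deleted patch description (the paragraph starting "Note that for kernel 4.9 and above") is not accounted for by this removal. The commit message says only that the removed patches were integrated upstream; it does not confirm that backports-5.10.42 carries both the ether_addr_equal(eth.h_dest, rfc1042_header) check in ieee80211_amsdu_to_8023s() and the companion change "mac80211: properly handle A-MSDUs that start with a rfc1042 header". Per the deleted text, without that companion the check "has no impact and attacks will remain possible". Suggest naming the upstream commits that replace this file in the commit message, or verifying net/wireless/util.c in the extracted backports tree, so the CVE-2020-24588 mitigation can be shown to survive the update.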