New Wi-Fi vulnerability (probably) affecting OpenWrt

(Should go in security announcements)

https://www.fragattacks.com/

https://lore.kernel.org/linux-wireless/20210511180259.159598-1-johannes@sipsolutions.net/

Patchset at the above link includes patches for mac/cfg80211 and ath10k/ath11k

14 Likes

patched up

11 Likes

To master I guess? Will there also be a patch for 19.07.7?

1 Like

ML thread, appears there will be some forthcoming

8 Likes

great job. thanks to the devs

How do I see the branches in this Web UI https://git.openwrt.org/?p=openwrt/openwrt.git;a=summary
For every release a branch?

At the bottom of the page you can see the different brances under "heads", e.g.:
master
21.02
19.07

1 Like

I'm so glad all the main security design and standardization behind WiFi is done behind closed doors, really helps prevent issues like this.

12 Likes

Nobody is sure yet.

It's already patched - just need to kick-start a build. There are potentially other minor fixes and a kernel bump which are desirable to integrate into another point release.

Hi systemcrash,

i needed a 19.07 Build too and followed the guide:

After cloning i switched the branch to the Version 19.07:

$ git checkout openwrt-19.07

And some steps later, followed the quickstart-build-images guide, i configure my Router with

$ make menuinstall

and start the Building with:

$ make

Well done. Copied openwrt*-squashfs-sysupgrade.bin to my Router, made the usual sysupgrade and it reboots and everything's fine.

However the whole Patch from Felix Fietkau mentioned by User anomeome was not in my cloned 19.07 Branch.

But the Kernel now has the Version 4.14.232 and it seems that at least all patches for that Kernel got applied.

I am right that some Patches like

package/kernel/mac80211/patches/ath/300-ath10k-add-CCMP-PN-replay-protection-for-fragmented-.patch

as mentioned in in Felix commit is no issue for openwrt-19.07 and Kernel 4.14.x?

All the missing patches for 19.07 do not need to be applied, i am right?

Best Regards,

Jolly

I don't see the fixes back-ported to 19.07 yet. Those fixes should be no issue for 19.x - but the fixes are not in 19.x yet. Just master and 21.x

@nbd could you also backport to 18.x? Would be sensible to cover those still on low-mem devices...

Edit: with the provision that the patches work as intended :slight_smile:

Does not appear that they want to go back further.

BTW, how do I check if this patch is applied to v21.02.0-rc1 ??

Cheers, Frood

I can almost guarantee you it isn’t applied since rc1 was buildt before the problem was even known.
Do you want the patch you need to run a snapshot or wait to rc2 or stable release.

But anyway you will get a patch so many years before anyone else in the world since I don’t believe for a second any commercial company will lift a finger as usual to make a update for old devices to fix this.

(A sidenote, It would be fun to start counting days now how long it will take for TP-link to make a update to my EAP245 that actually has a security fix for this problem and not just gui things, and WPA3. But I guess the time it takes for me to install OpenWRT in it is probably shorter)

1 Like

flygarn12,
i am not sure if i understand that right, but there are daily Development Builds/Snapshots.

Which, i assume are up to date Builds. But be carefull, they can have new or testing Bugs too.

However, if you see the Timestamp of the Patches and the commits, you can pick a close Snapshot too.

But with the Snapshots you should check twice Version and Target. Because some Routers have different Versions. I hope that everyone is aware of this by using openwrt on their devices.

Rc1 isn’t a snapshot and isn’t updated. It is a freezed prototype made for testing.
In practical terms a release with bugs.

21.02 is in two versions now.

21.02-rc1=first stable test build.
21.02-Snapshot= “the latest daily version”

2 Likes

Thank you. So i'll check out later for some Update.

I stay right now with 19.7.x cause i need that Router to operate and have no time for an update to 21.x. My Linksys Router refuse to upgrade without factory reset, to proceed i have to reset it's IP and main configuration, and i am just to lazy for that procedure.

In the beginning of this OWRT adventure of my I made a mistake and it ended with me having two WRT3200acm. I didn’t know what to do with the other router until I realized after some massive fails in the beginning that it was perfect to test new software and high risk settings without risk on the “test” router before implementing new changes to the operational router.

2 Likes

Would you please devote your time to patch OpenWrt Backfire 10.03.1 from 2011? Would be sensible to cover my Linksys WRT54G v1.1.

Thanks. :upside_down_face:

3 Likes

As far as I understand the wifi drivers or even the proprietary RF part of the wifi device has to support the fixes? Am I wrong?