Are the new “frag attacks” something we should be concerned with???
Is the openwrt project working on it or is something turris must do?
Bill
1 Like
Hello @merriam,
Unfortunately, we were not part of the disclosure and since Tuesday evening, we are aware of this patch series:
https://lore.kernel.org/linux-wireless/20210511180259.159598-1-johannes@sipsolutions.net/
It fixes multiple CVEs known as FragAttacks security vulnerabilities that affect Wi-Fi devices. From their homepage, I quote this part:
Fortunately, the design flaws are hard to abuse because doing so requires user interaction or is only possible when using uncommon network settings. As a result, in practice the biggest concern are the programming mistakes in Wi-Fi products since several of them are trivial to exploit.
There is also an ongoing discussion on OpenWrt mailing list:
https://lists.openwrt.org/pipermail/openwrt-devel/2021-May/035058.html
My recent details are that OpenWrt wants to release new versions for 19.07 and 21.02rc2, but I would say that it is not easy as it seems. Because it fixes right now only ath10k driver, but what about ath9k as well? Also, we should need to obtain a new firmware for the Turris MOX SDIO card from NXP based on commit messages as it might be necessary to have updated driver and firmware updates.
However, we are still monitoring this vulnerability, and we will not stay behind with updates! We will keep you posted about here and on our social media.
4 Likes