The CVE-2017-9417 aka "Broadpwn" vulnerability is said to affect the firmware for various Broadcom BCM43xx wifi chips, some of which are supported by the in-tree brcmfmac driver and firmware in linux- firmware.git.
The bcmdhd driver for Android was patched to improve validation of events from the firmware: https://android.googlesource.com/kernel/msm.git/+/android-6.0.1_r0.92%5E!/ But the event handling code in drivers/net/wireless/broadcom/brcm80211/brcmfmac/fweh.c still seems to lack most of those checks. Should it be patched? I also haven't seen any related updates for BCM43xx firmware in linux- firmware.git. Is any of this firmware vulnerable? Ben. -- Ben Hutchings Teamwork is essential - it allows you to blame someone else.
signature.asc
Description: This is a digitally signed message part
