Used firmware susceptible to ThreadX vulnerabilities? #344
An RCE vulnerability in various Marvell wireless chipset/firmware combinations has been recently reported, find more details at:
Is the firmware bundled with the mwlwifi driver affected? The linked report specifically mentions
I'd rather not jump to conclusions, but my opinion is that the lack of commits in this repo and https://github.com/mrvltest/mwlwifi-8997 may mean that they're devoting all their resources to actually patching it out. The existence (not the details) of the vulnerability was initially publicly disclosed on November 21-20 at Zero Nights 2018 in St. Petersburg (https://2018.zeronights.ru/wp-content/uploads/materials/19-Researching-Marvell-Avastar-Wi-Fi.pdf). Regardless, it'd still be nice to actually hear from @yuhhaurlin to know when the patched binaries are available, if applicable to the WRT AC series or mwlwifi.
Looks like the vulnerability has been assigned as CVE-2019-6496. However, details are still obfuscated and sparse.
I gave up on the idea that the new Linksys WRT series wifi interfaces were just going to have good open source support just the first day I tried them. Retained just one of them just in case the situation drastically changes, but, still the same.
This driver has a lot of stability and other types of problems, and the main developer seems to be blind, as you can read that he states that the driver is very nice in different GitHub issues. I think it is going to be a miracle if you get a confirmation here from Marvell for the RCE vulnerability.
Marvell's vendor statement is located here.
Additional information and an up-to-date summary here: https://kb.cert.org/vuls/id/730261/
Kind of disappointed that we had to manually track the CVE through multiple websites and user forums instead of having been informed by the main developer of this project.
@yuhhaurlin I was wondering if you could elaborate a bit more on this response that there "should be no issues". Please see the following information:
https://kb.cert.org/vuls/id/730261/ (Mentions 88W8787, 88W8797, 88W8801, 88W8897, and 88W8997)
88W8897 and 88W8997 both have .bin files provided by Marvell that are in this code repository:
Looking at the latest commits for each, it appears these are provided by Marvell themselves?
I inquired with Will Dormann on Twitter about this, as he is mentioned as document writer at CERT.
So Marvell only mentions 88W8897 but we do know that a firmware binary has been provided by Marvell to this repository. In addition, CERT mentions 88W8997 though, as well as some other chipsets which are not present in this repository. But Will has also mentioned that it's entirely possible (but not necessarily confirmed) that it could potentially affect other chipsets in the Marvell Avastar Chipset series, meaning 'potentially' having an impact on the other chipsets provided here (88W8864.bin and 88W8964.bin, in addition to 88W8897 and 88W8997 which are confirmed affected).
So going back to the firmware binaries in this repository, would it not make sense to get a line of communication going with Marvell to inquire regarding a new updated firmware binary that could potentially resolve this issue? Has this line of communication already been done behind the scenes?
I don't think Marvell are going to willingly send out updated firmwares. I also found this thread that seems to indicate that it's more on the maintainers to reach out and Marvell themselves can't know the level of interest offhand or be responsible for sending out updated firmwares:
Lastly, I compared both the marvell-wireless/mwlwifi and kaloz/mwlwifi repositories under /bin/firmware to see what versions are present in each.
Differences as follows:
It appears that each repository has a different, more up-to-date firmware binary.
Anyways, @yuhhaurlin, to summarize: have you, and if not could you or the repository owner, get in contact with Marvell and determine if these firmware binary files are indeed vulnerable and possibly get an updated firmware binary for each of the chipsets maintained by this project, as they may include a fix to the vulnerability in question?
I'm gathering this information from the outside in, so please let me know if I've misunderstood anything here regarding the project. But I know for myself as well as others, we are looking for a more detailed response from the repository owner on why exactly this isn't vulnerable, and "There should be no these issues" isn't a good enough answer: why are there no issues, etc.