CVE-2017-9417 “Broadpwn”
Bug #1713276 reported by Adam Smith
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
linux-firmware (Ubuntu) | Confirmed | High | Seth Forshee |
Bug Description
Broadcom BCM43xx Wi-Fi chips allow remote attackers to execute arbitrary code via unspecified vectors, aka the "Broadpwn" issue.
Cypress (was Broadcom) have given the Raspberry Pi foundation new releases of the WiFi and Bluetooth firmware to fix the problem. See https:/
The pre-release files found at the above link are now included in the latest release of raspbian stretch.
Would it be possible to include these new files in the linux-firmware package? Please note at the moment the package is missing the file brcmfmac43430-
CVE References
Changed in linux-firmware (Ubuntu):
assignee: nobody → Seth Forshee (sforshee)
importance: Undecided → High
status: New → Confirmed
The file you linked to does not contain any license information, without that we cannot incorporate it into Ubuntu. In searching I can't find specific information about which firmware version has the fix, but even the RPi-Distro github trees do not seem to have been updated. So I haven't been able to find an updated version of the firmware that we will be able to distribute.
Broadcom did push a version of the firmware to upstream linux-firmware at some point, and this is the version we have in Ubuntu's linux-firmware. The best case is for Broadcom to update the firmware there, then we can easily pull it into Ubuntu.