Mateusz Jończyk wrote on 06.04.23 14:18:
W dniu 28.03.2023 o 00:54, hauke at hauke-m.de (Hauke Mehrtens) pisze:
Hi,
I would like to create a new OpenWrt 22.03 and 21.02 minor release in
the next week.
OpenWrt 21.02.6 would be the final release of the OpenWrt 21.02 series.
Hello,
Last week, a vulnerability in some WiFi stacks has been revealed. It affects
Linux and
can in some cases break WPA2 / WPA3 encryption. It has received much media
attention.
The paper is called
"Framing Frames: Bypassing Wi-Fi Encryption by Manipulating Transmit Queues"
and is authored by Domien Schepers, Aanjhan Ranganathan and Mathy Vanhoef.
I was wondering whether you would like to delay the release until this is fixed
in mainline Linux.
The paper is available at: https://papers.mathyvanhoef.com/usenix2023-wifi.pdf
Some more information from the authors:
https://github.com/domienschepers/wifi-framing
Greetings,
Mateusz
Hi Mateusz,
this paper is about CVE-2022-47522 which seems to be fixed in all
supported OpenWrt branches by commits that were pushed 7 days ago by
Felix Fietkau.
E.g. 4ae854d05568bc36a4df2cb6dd8fb023b5ef9944 in branch openwrt-22.03.
Greetings,
Andreas
_______________________________________________
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel
