Update iwlwifi firmware for 3160, 3168, 7260, 7265 and 7265D

Bug #1728762 reported by quanxian on 2017-10-31
This bug affects 1 person

Affects                    Status  Importance  Assigned to    Milestone
intel                              Undecided   Unassigned
linux-firmware (Ubuntu)            High        Seth Forshee
  Trusty                           High        Seth Forshee
  Xenial                           High        Seth Forshee
  Zesty                            High        Seth Forshee
  Artful                           High        Seth Forshee
  Bionic                           High        Seth Forshee

Bug Description

SRU Justification

Impact: Intel wireless firmware WoWLAN functionality is vulnerable to some CVEs from the KRACK attack vulnerabilities, CVE-2017-13080 and CVE-2017-13081.

Fix: Updated firmware from Intel containing fixes for these vulnerabilities.

Test Case: Difficult to test; we are reliant on testing done by Intel.

Regression Potential: There is always some possibility for regressions with firmware updates, but as these are bug fix updates the regression potential is minimal. I have been using the 7260 firmware for over a week now without issue.

---

There are two parts to the WiFi firmware update. Please double-check whether the Ubuntu release has included them.

A new firmware version for 8260 and 8265 WiFi devices.
This is our Core31 release (-34.ucode).
https://git.kernel.org/pub/scm/linux/kernel/git/iwlwifi/linux-firmware.git/commit/?id=348d2b53326bcef4c260037cc7a6006fc80ca5bb

A new firmware version for 3160, 3168, 7260, 7265 and 7265D
Note: This firmware version hasn't been pulled into mainline yet.
This includes a security fix.
The patch in iwlwifi/linux-firmware.git is here:
https://git.kernel.org/pub/scm/linux/kernel/git/iwlwifi/linux-firmware.git/commit/?id=11e310f97470f91e26e6f3408b09871fd6cd3c5c

Seth Forshee (sforshee) wrote :

It looks like only 4.14 supports the -34 firmware files. Since we haven't yet moved to 4.14 I see no urgency to pull these in, we can wait until we either update bionic to use 4.14 or upstream linux-firmware pulls in the files.

If the other files contain a security fix we can pull those in now. We will need a public launchpad bug though to SRU the files, I'm not sure though if the security fix is public knowledge or not. @quanxian, can you advise whether we can make this bug public or if I should open a new bug which does not mention the security fix? Is there a CVE number associated with the issue?

quanxian (quanxian-wang) wrote :

The security bugfix is for the krackattack vulnerability that has been published already.
The CVE list is at www.krackattacks.com.

NOTE: The bugfix in the firmware is *only for WoWLAN operation*. The fixes for regular operation are NOT included and should come from wpa_s and the kernel (not related to firmware).

@sforshee

You can make this bug public.

If you have any comments, let us know.

Seth Forshee (sforshee) on 2017-11-09
summary: - [Feature] WIFI: firmware update
+ Update iwlwifi firmware for 3160, 3168, 7260, 7265 and 7265D
information type: Proprietary → Public
Seth Forshee (sforshee) wrote :

I will update the firmware as far as possible. Note that some of the older kernels we support (4.4 for example) do not support new enough ucode versions to benefit from the fixes to some of the ucode files, and will remain vulnerable.

Changed in linux-firmware (Ubuntu):
assignee: nobody → Seth Forshee (sforshee)
importance: Undecided → High
status: New → In Progress
Seth Forshee (sforshee) on 2017-11-09
Changed in linux-firmware (Ubuntu Artful):
assignee: nobody → Seth Forshee (sforshee)
status: New → In Progress
Changed in linux-firmware (Ubuntu Zesty):
assignee: nobody → Seth Forshee (sforshee)
importance: Undecided → High
status: New → In Progress
Changed in linux-firmware (Ubuntu Artful):
importance: Undecided → High
Changed in linux-firmware (Ubuntu Xenial):
assignee: nobody → Seth Forshee (sforshee)
importance: Undecided → High
status: New → In Progress
Changed in linux-firmware (Ubuntu Trusty):
assignee: nobody → Seth Forshee (sforshee)
importance: Undecided → High
status: New → In Progress
Seth Forshee (sforshee) wrote :

@quanxian - There are quite a few CVEs grouped together under the krack attack moniker. Is the firmware vulnerable to all of these attacks? If not, which specific CVE numbers are addressed? I tried finding this information on the krack attack web site and from the NIST advisories, but I couldn't find any references to Intel wireless firmware. The closest I found was this:

https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00101&languageid=en-fr

but that still doesn't break out which vulnerabilities affected the firmware specifically; based on that it could be as many as 4 of them or as few as 2. Please advise, thanks!

Changed in intel:
status: New → Incomplete
quanxian (quanxian-wang) wrote :

You got the right information from https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00101&languageid=en-fr.

You can find one line: "the Wake-on-Wireless-LAN functionality (WoWLAN), is a reasonable mitigation against CVE-2017-13080 and CVE-2017-13081".

If I am not wrong, CVE-2017-13080/13081 should be the CVE numbers for the firmware update. Also from the list, you can find that these two CVE numbers are related to 3160, 3168, 7260, 7265 and 7265D.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux-firmware - 1.170

---------------
linux-firmware (1.170) bionic; urgency=medium

  * Rebase against git://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git
    bf04291309d3169c0ad3b8db52564235bbd08e30
    - cxgb4: update firmware to revision 1.16.63.0
    - ath10k: QCA6174 hw3.0: update firmware-6.bin to WLAN.RM.4.4.1-00051-QCARMSWP-1
    - ath10k: QCA6174 hw3.0: update board-2.bin
    - Revert "ath10k: QCA988X hw2.0: update firmware to 10.2.4.70.63-2"
    - WHENCE: Fix syntax error for iwlwifi-8265-31.ucode entry
    - WHENCE: Add new radeon firmware
    - WHENCE: Add new qed firmware

  * CVE-2017-13080 and CVE-2017-13081 (LP: #1728762)
    - iwlwifi: update firmwares for 3160, 3168, 7265D, 8000C and 8265
    - iwlwifi: update firmwares for 3160, 3168, 7260, 7265 and 7265D

  * a300_[pfp|pm4].fw clashes when installing linux-firmware (LP: #1728908)
    - Add linux-firmware-snapdragon to Breaks: and Replaces:

 -- Seth Forshee <email address hidden> Wed, 15 Nov 2017 15:04:50 -0600

Changed in linux-firmware (Ubuntu Bionic):
status: In Progress → Fix Released
Seth Forshee (sforshee) on 2017-11-17
Changed in linux-firmware (Ubuntu Trusty):
status: In Progress → Fix Committed
Changed in linux-firmware (Ubuntu Xenial):
status: In Progress → Fix Committed
Changed in linux-firmware (Ubuntu Zesty):
status: In Progress → Fix Committed
Changed in linux-firmware (Ubuntu Artful):
status: In Progress → Fix Committed
quanxian (quanxian-wang) wrote :

The above one is for 3160, 3168, 7260, 7265 and 7265D

This is for 8265/8260

upstream: https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=8682bbcafc43792c71e210a1316b355bf17b3297

Hello quanxian, or anyone else affected,

Accepted linux-firmware into artful-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/linux-firmware/1.169.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-artful to verification-done-artful. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-artful. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Andy Whitcroft (apw) wrote :

Hello quanxian, or anyone else affected,

Accepted linux-firmware into xenial-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/linux-firmware/1.157.14 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-xenial to verification-done-xenial. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-xenial. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Andy Whitcroft (apw) wrote :

Hello quanxian, or anyone else affected,

Accepted linux-firmware into zesty-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/linux-firmware/1.164.2 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-zesty to verification-done-zesty. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-zesty. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in linux-firmware (Ubuntu Trusty):
status: Fix Committed → In Progress
Seth Forshee (sforshee) on 2017-11-28
description: updated
Andy Whitcroft (apw) wrote :

Hello quanxian, or anyone else affected,

Accepted linux-firmware into trusty-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/linux-firmware/1.127.24 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-trusty to verification-done-trusty. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-trusty. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in linux-firmware (Ubuntu Trusty):
status: In Progress → Fix Committed
Seth Forshee (sforshee) wrote :

Verified that the firmware files in each package match the files from upstream which were identified as containing the CVE fixes.

tags: added: verification-done-artful verification-done-trusty verification-done-xenial verification-done-zesty
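
One way to script the check described in the comment above, as an added example that is not part of the original bug report or of Ubuntu's SRU tooling. It assumes the package has been unpacked (for example with `dpkg-deb -x`) so the firmware sits under `lib/firmware`, and that the upstream tree is checked out at the commit carrying the fix; the function names, sample file names and sample contents are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

# Chipsets named in this bug; files are named iwlwifi-<chip>-<api>.ucode.
CHIPSETS = ("3160", "3168", "7260", "7265", "7265D")

def sha256_of(path, chunk_size=1 << 20):
    """Hash a file in chunks so large firmware blobs are not read at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()

def compare_firmware(package_fw_dir, upstream_dir, chipsets=CHIPSETS):
    """Return {filename: 'match' | 'mismatch' | 'missing'} per upstream file."""
    package_fw_dir, upstream_dir = Path(package_fw_dir), Path(upstream_dir)
    results = {}
    for chip in chipsets:
        # The '-' after the chip name keeps 7265 from matching 7265D files.
        for upstream_file in sorted(upstream_dir.glob(f"iwlwifi-{chip}-*.ucode")):
            packaged = package_fw_dir / upstream_file.name
            if not packaged.is_file():
                results[upstream_file.name] = "missing"
            elif sha256_of(packaged) == sha256_of(upstream_file):
                results[upstream_file.name] = "match"
            else:
                results[upstream_file.name] = "mismatch"
    return results

def demo():
    """Run the comparison on constructed stand-in files (not real firmware)."""
    with tempfile.TemporaryDirectory() as tmp:
        upstream, package = Path(tmp, "upstream"), Path(tmp, "pkg/lib/firmware")
        upstream.mkdir()
        package.mkdir(parents=True)
        for name, upstream_bytes, package_bytes in [
            ("iwlwifi-7260-17.ucode", b"new", b"new"),   # updated in package
            ("iwlwifi-7265D-29.ucode", b"new", b"old"),  # stale copy shipped
            ("iwlwifi-3168-29.ucode", b"new", None),     # not shipped at all
        ]:
            (upstream / name).write_bytes(upstream_bytes)
            if package_bytes is not None:
                (package / name).write_bytes(package_bytes)
        return compare_firmware(package, upstream)

if __name__ == "__main__":
    print(demo())
```

Anything other than `match` for a file the fix touched means that package build still ships the older ucode for that chipset.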
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux-firmware - 1.169.1

---------------
linux-firmware (1.169.1) artful; urgency=medium

  * CVE-2017-13080 and CVE-2017-13081 (LP: #1728762)
    - iwlwifi: update firmwares for 3160, 3168, 7265D, 8000C and 8265
    - iwlwifi: update firmwares for 3160, 3168, 7260, 7265 and 7265D

  * a300_[pfp|pm4].fw clashes when installing linux-firmware (LP: #1728908)
    - Add linux-firmware-snapdragon to Breaks: and Replaces:

 -- Seth Forshee <email address hidden> Wed, 15 Nov 2017 15:47:00 -0600

Changed in linux-firmware (Ubuntu Artful):
status: Fix Committed → Fix Released

The verification of the Stable Release Update for linux-firmware has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux-firmware - 1.164.2

---------------
linux-firmware (1.164.2) zesty; urgency=medium

  * Add audio topology firmware for Joule (LP: #1689497)
    - UBUNTU: SAUCE: linux-firmware: audio topology binary for Joule

  * CVE-2017-13080 and CVE-2017-13081 (LP: #1728762)
    - iwlwifi: update firmwares for 3160, 3168, 7260, 7265 and 7265D

 -- Seth Forshee <email address hidden> Thu, 16 Nov 2017 10:24:39 -0600

Changed in linux-firmware (Ubuntu Zesty):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux-firmware - 1.157.14

---------------
linux-firmware (1.157.14) xenial; urgency=medium

  * CVE-2017-13080 and CVE-2017-13081 (LP: #1728762)
    - iwlwifi: update firmwares for 3160, 3168, 7265D, 8000C and 8265
    - iwlwifi: update firmwares for 3160, 3168, 7260, 7265 and 7265D

  * a300_[pfp|pm4].fw clashes when installing linux-firmware (LP: #1728908)
    - Add linux-firmware-snapdragon to Breaks: and Replaces:

 -- Seth Forshee <email address hidden> Wed, 15 Nov 2017 15:58:14 -0600

Changed in linux-firmware (Ubuntu Xenial):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux-firmware - 1.127.24

---------------
linux-firmware (1.127.24) trusty; urgency=medium

  * CVE-2017-13080 and CVE-2017-13081 (LP: #1728762)
    - iwlwifi: update firmwares for 3160, 3168, 7260, 7265 and 7265D

 -- Seth Forshee <email address hidden> Thu, 16 Nov 2017 10:54:46 -0600

Changed in linux-firmware (Ubuntu Trusty):
status: Fix Committed → Fix Released
Changed in intel:
status: Incomplete → Fix Released