mwifiex stops working after kernel upgrade
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
HWE Next |
Fix Released
|
Undecided
|
Jesse Sung | ||
linux (Ubuntu) |
Fix Released
|
Medium
|
Jesse Sung | ||
Xenial |
Fix Released
|
Medium
|
Jesse Sung | ||
Bionic |
Fix Released
|
Medium
|
Jesse Sung | ||
Focal |
Fix Released
|
Medium
|
Jesse Sung | ||
Groovy |
Fix Released
|
Medium
|
Jesse Sung |
Bug Description
== Impact ==
Marvell WiFi cards supported by the mwifiex driver may fail to connect to some access points after kernel upgrade.
This is caused by the commit
commit e18696786548244
Author: Dan Carpenter <email address hidden>
Date: Wed Jul 8 14:58:57 2020 +0300
mwifiex: Prevent memory corruption handling keys
The length of the key comes from the network and it's a 16 bit number. It
needs to be capped to prevent a buffer overflow.
Fixes: 5e6e3a92b9a4 ("wireless: mwifiex: initial commit for Marvell mwifiex driver")
Signed-off-by: Dan Carpenter <email address hidden>
Acked-by: Ganapathi Bhat <email address hidden>
Signed-off-by: Kalle Valo <email address hidden>
Link: https:/
The commit added a check to mwifiex_
The commit is included in Ubuntu-
== Fix ==
There's already a fix in the mainline which increase the key buffer size to 32 bytes:
commit 4afc850e2e9e781
Author: Maximilian Luz <email address hidden>
Date: Tue Aug 25 17:38:29 2020 +0200
mwifiex: Increase AES key storage size to 256 bits
Following commit e18696786548 ("mwifiex: Prevent memory corruption
handling keys") the mwifiex driver fails to authenticate with certain
networks, specifically networks with 256 bit keys, and repeatedly asks
for the password. The kernel log repeats the following lines (id and
bssid redacted):
Tracking down this problem lead to the overflow check introduced by the
aforementioned commit into mwifiex_
check fails on networks with 256 bit keys due to the current storage
size for AES keys in struct mwifiex_aes_param being only 128 bit.
To fix this issue, increase the storage size for AES keys to 256 bit.
Fixes: e18696786548 ("mwifiex: Prevent memory corruption handling keys")
Signed-off-by: Maximilian Luz <email address hidden>
Reported-by: Kaloyan Nikolov <email address hidden>
Tested-by: Kaloyan Nikolov <email address hidden>
Reviewed-by: Dan Carpenter <email address hidden>
Reviewed-by: Brian Norris <email address hidden>
Tested-by: Brian Norris <email address hidden>
Signed-off-by: Kalle Valo <email address hidden>
Link: https://<email address hidden>
== Regression Potential ==
Low. While the fix increases the buffer size, it still checks and make sure data to be copy can fit into the buffer. Also the commit does fix the issue we saw in the Cert lab.
CVE References
Changed in linux (Ubuntu Xenial): | |
status: | New → In Progress |
Changed in linux (Ubuntu Bionic): | |
status: | New → In Progress |
Changed in linux (Ubuntu Focal): | |
status: | New → In Progress |
Changed in linux (Ubuntu Xenial): | |
assignee: | nobody → Jesse Sung (wenchien) |
Changed in linux (Ubuntu Bionic): | |
assignee: | nobody → Jesse Sung (wenchien) |
Changed in linux (Ubuntu Focal): | |
assignee: | nobody → Jesse Sung (wenchien) |
tags: | added: oem-priority originate-from-1896647 plano |
Changed in hwe-next: | |
status: | New → Fix Released |
assignee: | nobody → Jesse Sung (wenchien) |
Changed in linux (Ubuntu Xenial): | |
importance: | Undecided → Medium |
Changed in linux (Ubuntu Bionic): | |
importance: | Undecided → Medium |
Changed in linux (Ubuntu Focal): | |
importance: | Undecided → Medium |
Changed in linux (Ubuntu Groovy): | |
importance: | Undecided → Medium |
Changed in linux (Ubuntu Xenial): | |
status: | In Progress → Fix Committed |
tags: |
added: verification-done-xenial removed: verification-needed-xenial |
Changed in linux (Ubuntu Bionic): | |
status: | In Progress → Fix Committed |
Changed in linux (Ubuntu Focal): | |
status: | In Progress → Fix Committed |
tags: |
added: verification-done-bionic verification-done-focal removed: verification-needed-bionic verification-needed-focal |
This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification- needed- xenial' to 'verification- done-xenial' . If the problem still exists, change the tag 'verification- needed- xenial' to 'verification- failed- xenial' .
If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.
See https:/ /wiki.ubuntu. com/Testing/ EnableProposed for documentation how to enable and use -proposed. Thank you!