Outdated brcmfmac firmware for Raspberry Pi 4 in OpenWrt 21.02.1

Tip / Sign in to post questions, reply, level up, and achieve exciting badges. Know more

cross mob
drone424
Level 1
Level 1
First question asked Welcome!

I'm currently running version 7.45.206 of the brcmfmac43455-sdio firmware (release v5.4.18-2020_0402 reporting a date of Mar 23, 2020) on a Raspberry Pi 4B as part of the latest release of OpenWrt (21.02.1) configured as a dumb AP, and they don't seem to have plans in the near future to update to the latest released firmware for the CYW43455, which seems to be 7.45.234 (2021_0520 release).  Were any security vulnerabilities patched in the brcmfmac43455-sdio firmware versions released after 7.45.206?  My main concern is for the security of my network running the older firmware so any comments or suggestions to help me decide would be appreciated.

And would it make sense to try upgrading the firmware myself, or might there be incompatibilities with OpenWrt between the latest version and the one I'm running?  I'm not sure how compatible the two versions are (7.45.206 vs. 7.45.234) from the perspective of the driver/OS.  Is the upgrade process just a matter of replacing the firmware files in /lib/firmware/brcm with newer ones?

Thanks in advance for your time!

0 Likes
1 Solution
raks_99
Moderator
Moderator
Moderator
First question asked 250 replies posted 250 sign-ins

Hey @drone424 ,

I think you can use the latest firmware by just replacing the bin file as you mentioned. There are important security vulnerabilities that are fixed in the 7_45_234 (Frag attacks for example https://community.cypress.com/t5/Security-Bulletin/Potential-Fragmentation-Vulnerabilities-for-Wi-Fi...).

There should be no issues by just replacing the firmware. So the older OS/driver should function properly.

Thanks,

 

 

View solution in original post

0 Likes
1 Reply
raks_99
Moderator
Moderator
Moderator
First question asked 250 replies posted 250 sign-ins

Hey @drone424 ,

I think you can use the latest firmware by just replacing the bin file as you mentioned. There are important security vulnerabilities that are fixed in the 7_45_234 (Frag attacks for example https://community.cypress.com/t5/Security-Bulletin/Potential-Fragmentation-Vulnerabilities-for-Wi-Fi...).

There should be no issues by just replacing the firmware. So the older OS/driver should function properly.

Thanks,

 

 

0 Likes