- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
Is there a clear centralized exhaustive list (and history) of know vulnerabilities in the CYW4343W (or all chips) firmware ?
Browsing https://github.com/Infineon/wifi-host-driver commits to RELEASE.md (like that Upload wifi-host-driver 1.94.0.6931 · Infineon/wifi-host-driver@19968e1 (github.com)) I can see that there is a few changelogs related to the CYW4343W firmware.
--- 7.45.98.120 ---
Fix pmk caching
--- 7.45.98.117 ---
Security fixes
Memory usage reduction by disabling debug features
--- 7.45.98.110 ---
Fixed zero stall on UDP
Fixed Tx traffic too less then RX
--- 7.45.98.95 ---
Fixed zero stall on UDP
--- 7.45.98.92 ---
Security fix (KRACK all-zero-key)
--- 7.45.98.89 ---
Security fix(Dragonblood WPA3 attack)
TCP Keepalive Implementation
Security fix(CVE-2019-9501 / CVE-2019-9502)
--- 7.45.98.81 ---
This list is not easy to build and browse, the known vulnerabilities should be centralized.
Is this list exhaustive ?
How can we know what version exactly fixes a vulnerability ? This only show ranges...
Between 7.45.98.110 and 7.45.98.117, it is only mentioned "Security fixes"... Where can we get more details on this/these vulnerability(ies) ?
Looking at this blog post (Potential Fragmentation Vulnerabilities for Wi-Fi ... - Infineon Developer Community), it looks like the CYW4343W could by affected. How can we make sure whether it is or not ?
Any more information about firmware vulnerabilities is welcome.
Thanks and best regards
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @mmch ,
We have fixed all vulnerabilities fixes in wifi host driver.
You can use the same for cyw4343w with vulnerabilities fixes. For which the link is attached below.
https://github.com/Infineon/wifi-host-driver
Thanks,
Rakesh B G
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @mmch ,
We have fixed all vulnerabilities fixes in wifi host driver.
You can use the same for cyw4343w with vulnerabilities fixes. For which the link is attached below.
https://github.com/Infineon/wifi-host-driver
Thanks,
Rakesh B G
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @Rakesh_BG,
Thanks for the reply, however it doesn't answer my questions.
Could you please give more details on the vulnerabilities as I asked ?
Thanks and best regards.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @Rakesh_BG,
I didn't mention it before, but the same questions would go for the BLE firmware as well.
What about these for example ?
- Security Bulletin: BLE Security Vulnerabilities C... - Infineon Developer Community
- Security Bulletin: Potential Wi-Fi + Bluetooth Com... - Infineon Developer Community
- Bluetooth Denial of Service Vulnerabilities (‘Brak... - Infineon Developer Community
- Security Bulletin: Public Statement on Bluetooth S... - Infineon Developer Community
Thanks again and best regards.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @Rakesh_BG,
Since it has been more than a month, do you have anything to share ?
Best regards,
Mehdi
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @mmch ,
There is nothing more information available to share over the details you already have.
Thanks,
Rakesh B G