Hi,
Is there a clear centralized exhaustive list (and history) of know vulnerabilities in the CYW4343W (or all chips) firmware ?
Browsing https://github.com/Infineon/wifi-host-driver commits to RELEASE.md (like that Upload wifi-host-driver 1.94.0.6931 · Infineon/wifi-host-driver@19968e1 (github.com)) I can see that there is a few changelogs related to the CYW4343W firmware.
--- 7.45.98.120 ---
Fix pmk caching
--- 7.45.98.117 ---
Security fixes
Memory usage reduction by disabling debug features
--- 7.45.98.110 ---
Fixed zero stall on UDP
Fixed Tx traffic too less then RX
--- 7.45.98.95 ---
Fixed zero stall on UDP
--- 7.45.98.92 ---
Security fix (KRACK all-zero-key)
--- 7.45.98.89 ---
Security fix(Dragonblood WPA3 attack)
TCP Keepalive Implementation
Security fix(CVE-2019-9501 / CVE-2019-9502)
--- 7.45.98.81 ---
This list is not easy to build and browse, the known vulnerabilities should be centralized.
Is this list exhaustive ?
How can we know what version exactly fixes a vulnerability ? This only show ranges...
Between 7.45.98.110 and 7.45.98.117, it is only mentioned "Security fixes"... Where can we get more details on this/these vulnerability(ies) ?
Looking at this blog post (Potential Fragmentation Vulnerabilities for Wi-Fi ... - Infineon Developer Community), it looks like the CYW4343W could by affected. How can we make sure whether it is or not ?
Any more information about firmware vulnerabilities is welcome.
Thanks and best regards
