Tip / Sign in to post questions, reply, level up, and achieve exciting badges. Know more

Wi-Fi Combo Forum Discussions

mmch
Level 2
Level 2
10 replies posted 10 sign-ins 5 replies posted

Hi,

Is there a clear centralized exhaustive list (and history) of know vulnerabilities in the CYW4343W (or all chips) firmware ?

Browsing https://github.com/Infineon/wifi-host-driver commits to RELEASE.md (like that Upload wifi-host-driver 1.94.0.6931 · Infineon/wifi-host-driver@19968e1 (github.com)) I can see that there is a few changelogs related to the CYW4343W firmware.
--- 7.45.98.120 ---
Fix pmk caching
--- 7.45.98.117 ---
Security fixes
Memory usage reduction by disabling debug features
--- 7.45.98.110 ---
Fixed zero stall on UDP
Fixed Tx traffic too less then RX
--- 7.45.98.95 ---
Fixed zero stall on UDP
--- 7.45.98.92 ---
Security fix (KRACK all-zero-key)
--- 7.45.98.89 ---
Security fix(Dragonblood WPA3 attack)
TCP Keepalive Implementation
Security fix(CVE-2019-9501 / CVE-2019-9502)
--- 7.45.98.81 ---

This list is not easy to build and browse, the known vulnerabilities should be centralized.

Is this list exhaustive ?

How can we know what version exactly fixes a vulnerability ? This only show ranges...

Between 7.45.98.110 and 7.45.98.117, it is only mentioned "Security fixes"... Where can we get more details on this/these vulnerability(ies) ?

Looking at this blog post (Potential Fragmentation Vulnerabilities for Wi-Fi ... - Infineon Developer Community), it looks like the CYW4343W could by affected. How can we make sure whether it is or not ?

Any more information about firmware vulnerabilities is welcome.

Thanks and best regards

0 Likes
5 Replies
Rakesh_BG
Moderator
Moderator
Moderator
100 replies posted 100 sign-ins 10 likes received

Hi @mmch ,

We have fixed all vulnerabilities fixes in wifi host driver.

You can use the same for cyw4343w with vulnerabilities fixes. For which the link is attached below.

https://github.com/Infineon/wifi-host-driver

Thanks,

Rakesh B G

0 Likes
mmch
Level 2
Level 2
10 replies posted 10 sign-ins 5 replies posted

Hi @Rakesh_BG,

Thanks for the reply, however it doesn't answer my questions.
Could you please give more details on the vulnerabilities as I asked ?

Thanks and best regards.

0 Likes
mmch
Level 2
Level 2
10 replies posted 10 sign-ins 5 replies posted

Hi @Rakesh_BG,

Since it has been more than a month, do you have anything to share ?

Best regards,
Mehdi

0 Likes
Rakesh_BG
Moderator
Moderator
Moderator
100 replies posted 100 sign-ins 10 likes received

Hi @mmch ,

There is nothing more information available to share over the details you already have.

Thanks,

Rakesh B G

0 Likes