Bug 22100 - kernel-firmware new security issues CVE-2017-13080 and CVE-2017-13081
Summary: kernel-firmware new security issues CVE-2017-13080 and CVE-2017-13081
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 6
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA6-64-OK MGA6-32-OK
Keywords: advisory, validated_update
Depends on:
Blocks: 22166 22268 22269
  Show dependency treegraph
 
Reported: 2017-11-30 21:12 CET by David Walser
Modified: 2017-12-28 14:18 CET (History)
8 users (show)

See Also:
Source RPM: kernel-firmware-20170531-1.mga6.src.rpm
CVE:
Status comment:


Attachments

Description David Walser 2017-11-30 21:12:03 CET
openSUSE has issued an advisory today (November 30):
https://lists.opensuse.org/opensuse-updates/2017-11/msg00096.html

It sounds like we may need to update some firmware due to KRACK.
Comment 1 Thomas Backlund 2017-11-30 21:17:27 CET
Yep,

I already have them in testing as part of updates for switching to 4.14 series kernels... I'll list them shortly...
Comment 2 Thomas Backlund 2017-12-01 11:33:39 CET
Meaning its already fixed in cauldron

Version: Cauldron => 6

Comment 3 Thomas Backlund 2017-12-09 00:01:31 CET
Note to testers, this update needs to go out before or at the same time as the 4.14 series kernel rollout.

Also, to test this, install the firmwares, recreate the initrd with "dracut -f" and reboot and check that your hw still works


Advisory:
Updated nonfree firmwares fixes security issues

Updated nonfree firmwares fixes atleast the following security issues:

Broadcom firmware fixes:
- dropping BRCM proprietary packets received over the air (CVE-2016-0801)
- adding length checks for TDLS action frames (CVE-2017-0561)
- adding length checks for WME IE (CVE-2017-9417)

Iwlwifi firmware fixes:
- The reinstallation of the Group Temporal key could be used for replay
  attacks (CVE-2017-13080)
- The reinstallation of the Integrity Group Temporal key could be used
  for replay attacks (CVE-2017-13081)

This update also add new and updated firmwares for various hardware
supported by the 4.14 series kernels.



SRPMS:
kernel-firmware-nonfree-20171206-1.mga6.nonfree.src.rpm
radeon-firmware-20171205-1.mga6.nonfree.src.rpm



i586:
kernel-firmware-nonfree-20171206-1.mga6.nonfree.noarch.rpm
iwlwifi-firmware-20171206-1.mga6.nonfree.noarch.rpm
radeon-firmware-20171205-1.mga6.nonfree.noarch.rpm
ralink-firmware-20171206-1.mga6.nonfree.noarch.rpm
rtlwifi-firmware-20171206-1.mga6.nonfree.noarch.rpm



x86_64:
kernel-firmware-nonfree-20171206-1.mga6.nonfree.noarch.rpm
iwlwifi-firmware-20171206-1.mga6.nonfree.noarch.rpm
ralink-firmware-20171206-1.mga6.nonfree.noarch.rpm
rtlwifi-firmware-20171206-1.mga6.nonfree.noarch.rpm
radeon-firmware-20171205-1.mga6.nonfree.noarch.rpm

Assignee: tmb => qa-bugs

Comment 4 James Kerr 2017-12-09 15:10:35 CET
on mga6-64

uname -r
4.9.56-desktop-1.mga6

packages installed cleanly:
- iwlwifi-firmware-20171206-1.mga6.nonfree.noarch
- kernel-firmware-nonfree-20171206-1.mga6.nonfree.noarch
- radeon-firmware-20171205-1.mga6.nonfree.noarch
- ralink-firmware-20171206-1.mga6.nonfree.noarch
- rtlwifi-firmware-20171206-1.mga6.nonfree.noarch

executed
dracut -f
rebooted

no regressions noted

OK for mga6-64 on this system

However, I have no wifi devices and so this needs to be tested by those who do.

Dell product: Precision Tower 3620
Mobo: Dell model: 09WH54 
Card: Intel HD Graphics 530
CPU: Quad core Intel Core i7-6700 (-HT-MCP-)
PC-BIOS (legacy) boot
GPT partitions

CC: (none) => jim

Comment 5 James Kerr 2017-12-09 15:14:22 CET
There is an iwlwifi-agn-ucode package in testing. Is that supposed to be part of this update?
Comment 6 Thomas Backlund 2017-12-09 16:35:04 CET
(In reply to James Kerr from comment #5)
> There is an iwlwifi-agn-ucode package in testing. Is that supposed to be
> part of this update?

nope, it's replaced by iwlwifi-firmware, but I forgot to nuke it from the mirrors...

(In reply to James Kerr from comment #4)

> 
> However, I have no wifi devices and so this needs to be tested by those who
> do.
> 

Yeah, but you have this one that also got an update :) :

> Card: Intel HD Graphics 530


Having said that, I've tested it on intel 7265 and 8265 wifi and it still works..

CC: (none) => tmb

Comment 7 Len Lawrence 2017-12-10 19:10:27 CET
$ inxi -b
System:    Host: vega Kernel: 4.9.56-1.mga6 x86_64 (64 bit)
           Desktop: MATE 1.18.0  Distro: Mageia 6 mga6
Machine:   Device: desktop Mobo: Gigabyte model: G1.Sniper Z97 v: x.x
           UEFI: American Megatrends v: F6 date: 05/30/2014
CPU:       Quad core Intel Core i7-4790K (-HT-MCP-) speed/max: 4399/4400 MHz
Graphics:  Card-1: Intel Xeon E3-1200 v3/4th Gen Core Processor Integrated Graphics Controller
           Card-2: NVIDIA GK104 [GeForce GTX 770]
           Display Server: Mageia X.org 119.5 drivers: nvidia,v4l,intel
           Resolution: 2560x1440, 1024x768
           GLX Renderer: GeForce GTX 770/PCIe/SSE2
           GLX Version: 4.5.0 NVIDIA 384.98
Network:   Card-1: Qualcomm Atheros Killer E220x Gigabit Ethernet Controller
           driver: alx
           Card-2: Ralink RT3090 Wireless 802.11n 1T/1R PCIe driver: rt2800pci
Drives:    HDD Total Size: 4892.9GB (49.0% used)
Info:      Processes: 307 Uptime: 1 min Memory: 1000.2/15722.4MB
           Client: Shell (bash) inxi: 2.3.11 

Ran the updates and rebooted the machine.  Everything running fine.

CC: (none) => tarazed25

Comment 8 Len Lawrence 2017-12-10 19:25:10 CET
$ inxi -b
System:    Host: difda Kernel: 4.9.56-desktop-1.mga6 x86_64 (64 bit)
           Desktop: MATE 1.18.0  Distro: Mageia 6 mga6
Machine:   Device: desktop Mobo: MSI model: Z97-G43 (MS-7816) v: 3.0
           UEFI: American Megatrends v: V17.8 date: 12/24/2014
CPU:       Quad core Intel Core i7-4790 (-HT-MCP-) speed/max: 3863/4000 MHz
Graphics:  Card: NVIDIA GM204 [GeForce GTX 970]
           Display Server: Mageia X.org 119.5 drivers: nvidia,v4l
           Resolution: 3840x2160@60.00hz
           GLX Renderer: GeForce GTX 970/PCIe/SSE2
           GLX Version: 4.5.0 NVIDIA 384.98
Network:   Card: Realtek RTL8111/8168/8411 PCI Express Gigabit Ethernet Controller
           driver: r8169
Drives:    HDD Total Size: 3740.8GB (20.1% used)
Info:      Processes: 245 Uptime: 6 min Memory: 900.3/32126.7MB
           Client: Shell (bash) inxi: 2.3.11 

Ran the updates and rebooted without issue.
Everything running fine so far.
Comment 9 Len Lawrence 2017-12-10 19:49:18 CET
$ inxi -b
System:    Host: hamal Kernel: 4.9.56-desktop-1.mga6 x86_64 (64 bit)
           Desktop: MATE 1.18.0  Distro: Mageia 6 mga6
Machine:   Device: laptop System: Dell product: XPS 13 9360
           Mobo: Dell model: 06CC14 v: A00
           UEFI: Dell v: 1.3.2 date: 01/18/2017
Battery    BAT0: charge: 68.3 Wh 86.6% condition: 78.9/78.9 Wh (100%)
CPU:       Dual core Intel Core i7-7500U (-HT-MCP-) speed/max: 3499/3500 MHz
Graphics:  Card: Intel HD Graphics 620
           Display Server: Mageia X.org 119.5 driver: N/A
           Resolution: 3200x1800@59.98hz
           GLX Renderer: Mesa DRI Intel HD Graphics 620 (Kaby Lake GT2)
           GLX Version: 3.0 Mesa 17.1.5
Network:   Card-1: Qualcomm Atheros QCA6174 802.11ac Wireless Network Adapter
           driver: ath10k_pci
           Card-2: Atheros
Drives:    HDD Total Size: NA (-)
Info:      Processes: 282 Uptime: 1 min Memory: 1128.6/15933.5MB
           Client: Shell (bash) inxi: 2.3.11 

Updated the firmware files, rebooted and all is running smoothly.
Comment 10 Len Lawrence 2017-12-10 19:56:58 CET
Re comment 9: 16 GB RAM, 3 partitions on 1TB nvme drive.
Thomas Backlund 2017-12-10 21:23:00 CET

Blocks: (none) => 22166

Comment 11 Len Lawrence 2017-12-11 21:29:37 CET
System:    Host: canopus Kernel: 4.9.56-desktop-1.mga6 x86_64 (64 bit)
           Desktop: MATE 1.18.0  Distro: Mageia 6 mga6
Machine:   Device: portable System: Dell product: MXG071
           Mobo: Dell model: 0KX412 BIOS: Dell v: A06 date: 02/04/2008
Network:   Card-1: Broadcom Limited NetXtreme BCM5754M Gigabit Ethernet PCI Express
           driver: tg3
           Card-2: Intel PRO/Wireless 3945ABG [Golan] Network Connection
           driver: iwl3945

Rebooted OK after the updates and networking is running fine including ssh and network shares.
Comment 12 Len Lawrence 2017-12-12 12:25:05 CET
System:    Host: hamal Kernel: 4.9.56-desktop-1.mga6 x86_64 (64 bit)
           Desktop: MATE 1.18.0  Distro: Mageia 6 mga6
Machine:   Device: laptop System: Dell product: XPS 13 9360
           Mobo: Dell model: 06CC14 v: A00
Network:   Card-1: Qualcomm Atheros QCA6174 802.11ac Wireless Network Adapter
           driver: ath10k_pci
           Card-2: Atheros

No problem with installation.
$ dracut -f
# ll initrd*
-rw------- 1 root root 9259528 Dec 12 11:17 initrd-4.9.56-desktop-1.mga6.img

After reboot wifi was up and working, NFS shares in place.

$ rpm -qa | grep 20171206
rtlwifi-firmware-20171206-1.mga6.nonfree
iwlwifi-firmware-20171206-1.mga6.nonfree
ralink-firmware-20171206-1.mga6.nonfree
kernel-firmware-nonfree-20171206-1.mga6.nonfree
Comment 13 Thomas Andrews 2017-12-12 16:30:32 CET
Installed these packages and all others associated with the desktop kernel 4.14.5 update on a 64-bit system on my HP Probook 6550b. (i3, 8GB, Intel graphics, Intel wifi) The idea was to simulate a user getting thes updates all at once.

All packages installed cleanly, and everything seems to be functioning as it should. Common apps (Firefox, GIMP, vlc) all work.

CC: (none) => andrewsfarm

Comment 14 Len Lawrence 2017-12-12 16:54:42 CET
System:    Host: markab Kernel: 4.9.56-desktop-1.mga6 x86_64 (64 bit)
           Desktop: MATE 1.18.0  Distro: Mageia 6 mga6
Network:   Card-1: Qualcomm Atheros Killer E220x Gigabit Ethernet Controller
           driver: alx
           Card-2: Intel Wireless 7265 driver: iwlwifi

Aorus
Machine:   Device: laptop System: GIGABYTE product: X5
           Mobo: GIGABYTE model: X5

Updated the firmware.
$ dracut -f
Everything seemed to be running fine after reboot.

$ ll /boot/initrd*
-rw------- 1 root root 8733059 Dec 12 14:23 /boot/initrd-4.9.56-desktop-1.mga6.img
Comment 15 Thomas Andrews 2017-12-13 16:22:50 CET
After installing the new nvidia340 driver, I updated the firmware and all other appropriate packages related to the 4.14.5 server kernel update, on 64-bit and 32-bit systems on the same hardware:

ASRock motherboard, AMD Athlon X2 7750 processor, 8GB RAM, nvidia 9800GT graphics, Atheros AR9485 wifi adapter.

And, I executed the "dracut -f" command on each system.

After the reboot, both systems seemed to be running fine. No regressions noted.
Comment 16 Len Lawrence 2017-12-15 20:45:30 CET
4.9.56-desktop-1.mga6 :: x86_64

Updates:
- cpupower-4.14.4-1.mga6.x86_64
- dkms-virtualbox-5.2.2-1.mga6.noarch
- kernel-desktop-4.14.4-1.mga6-1-1.mga6.x86_64
- kernel-desktop-devel-4.14.4-1.mga6-1-1.mga6.x86_64
- kernel-desktop-devel-latest-4.14.4-1.mga6.x86_64
- kernel-desktop-latest-4.14.4-1.mga6.x86_64
- kernel-doc-4.14.4-1.mga6.noarch
- kernel-source-4.14.4-1.mga6-1-1.mga6.noarch
- kernel-source-latest-4.14.4-1.mga6.noarch
- kernel-userspace-headers-4.14.4-1.mga6.x86_64
- perf-4.14.4-1.mga6.x86_64

$ sudo urpmi cpupower-devel
$ drakboot --boot
$ reboot

Rebooted to working desktop.

System:    Host: difda Kernel: 4.14.4-desktop-1.mga6 x86_64 (64 bit)
           Desktop: MATE 1.18.0  Distro: Mageia 6 mga6
CPU:       Quad core Intel Core i7-4790 (-HT-MCP-) speed/max: 3599/4000 MHz
RAM:       31.37 GB
Network:   Card: Realtek RTL8111/8168/8411 PCI Express Gigabit Ethernet Controller
           driver: r8169

NFS shares OK.
Ran stress tests and hit problems.  The cpu and memory tests ran fine but the disk read/write test failed to terminate and could not be killed from the commandline.  The io tests also failed to terminate.  Had to logout and reboot.

Tried
$ stress -d 1 -t 10
and that failed to terminate.  Killed the process but it respawned immediately.
By watching the process id it could be seen that the process did terminate but then respawned with another pid.

The firmware packages had already been updated.
Comment 17 Len Lawrence 2017-12-15 20:54:46 CET
Oh my lord - posted on he wrong bug.
Comment 18 Brian Rockwell 2017-12-15 22:36:50 CET
# uname -a 
Linux localhost 4.9.56-desktop-1.mga6 #1 SMP Thu Oct 12 22:55:31 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux

RS780L [Radeon 3000]
AMD Athlon(tm) II X3 450 Processor
AR8151 v2.0 Gigabit Ethernet


The following 3 packages are going to be installed:

- iwlwifi-firmware-20171206-1.mga6.nonfree.noarch
- kernel-firmware-nonfree-20171206-1.mga6.nonfree.noarch
- radeon-firmware-20171205-1.mga6.nonfree.noarch



dracut -f


rebooted

no issues

CC: (none) => brtians1

Comment 19 Thomas Backlund 2017-12-21 23:38:30 CET
The srpms are now:

SRPMS:
kernel-firmware-nonfree-20171220-1.mga6.nonfree.src.rpm
radeon-firmware-20171205-1.mga6.nonfree.src.rpm

The only change is in the kernel-firmware-nonfree package:
- nvidia: add GP108 signed firmware

wich means we can support GTX1030 with free driver and kernel 4.14


so the already done tests are still valid
Comment 20 Thomas Backlund 2017-12-22 14:31:02 CET
Updated advisory added to svn:

subject: Updated nonfree firmwares fixes security issues and adds new hw support
CVE:
 - CVE-2016-0801
 - CVE-2017-0561
 - CVE-2017-9417
 - CVE-2017-13080
 - CVE-2017-13081
src:
  6:
   nonfree:
     - kernel-firmware-nonfree-20171220-1.mga6.nonfree
     - radeon-firmware-20171205-1.mga6.nonfree
description: |
  Updated nonfree firmwares fixes atleast the following security issues:

Broadcom firmware fixes:
- dropping BRCM proprietary packets received over the air (CVE-2016-0801)
- adding length checks for TDLS action frames (CVE-2017-0561)
- adding length checks for WME IE (CVE-2017-9417)

Iwlwifi firmware fixes:
- The reinstallation of the Group Temporal key could be used for replay
  attacks (CVE-2017-13080)
- The reinstallation of the Integrity Group Temporal key could be used
  for replay attacks (CVE-2017-13081)

  This update also adds updated firmwares:
  * ath10k, cxgb4, liquidio, mrvl, ql2400, ql2500, wilc1000
  * Amd Polaris10-12, Intel BXT/SKL/KBL/CNL 

  and new firmwares:
  * Amd Vega10 and Raven 
  * Cavium nitrox 
  * Intel CNL/GLK, IPU3, JeffersonPeak, ThunderPeak
  * Mellanox Spectrum
  * nVidia GP108 (GTX1030)
  * Qualcom Adreno  &Venus, imx SDMA, 
  * Realtek rtl8822be 

  in order to support new hardware supported by 4.14 series kernels.

Keywords: (none) => advisory

Thomas Backlund 2017-12-26 02:05:33 CET

Blocks: (none) => 22268

Thomas Backlund 2017-12-26 02:05:41 CET

Blocks: (none) => 22269

Comment 21 Manuel Hiebel 2017-12-26 20:53:01 CET
No regression for me on x86_64, i3-2330M , BCM4313
Comment 22 Lewis Smith 2017-12-26 22:05:09 CET
M6/64 real EFI hardware with Radeon HD7310 graphics.
*No* wifi.
Kernel 4.14.5-tmb-desktop-1.mga6esktop (also normal desktop kernel).

kernel-firmware-nonfree-20171220-1.mga6.nonfree
iwlwifi-firmware-20171220-1.mga6.nonfree
ralink-firmware-20171220-1.mga6.nonfree
rtlwifi-firmware-20171220-1.mga6.nonfree
radeon-firmware-20171205-1.mga6.nonfree

Note that the first four are more recent than shown in comment 3 (20171206), in line with comment 19 (20171220).

Have been running with these for some time, no problems.
@tmb : Most good tests have been with earlier version of these pkgs. Are we allowed to OK them for 64-bit?

CC: (none) => lewyssmith

Comment 23 Thomas Backlund 2017-12-26 23:06:39 CET
(In reply to Lewis Smith from comment #22)
>
> @tmb : Most good tests have been with earlier version of these pkgs. Are we
> allowed to OK them for 64-bit?


Yes, as stated in comment 19, the only change between 20171206 and 20171220 is:
adding this:
- nvidia: add GP108 signed firmware

that adds support for nVidia GTX1030 series hw, something we didn't have firmware for before...
Comment 24 Dave Hodgins 2017-12-27 10:17:29 CET
No problems encountered while testing the kernel updates.

Validating the update.

I've completed my testing of the kernel updates (all kernels, both arches) on
real hardware.

Will test the kernel updates under vb shortly.

CC: (none) => davidwhodgins, sysadmin-bugs
Whiteboard: (none) => MGA6-64-OK MGA6-32-OK
Keywords: (none) => validated_update

Comment 25 Mageia Robot 2017-12-28 14:18:07 CET
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2017-0472.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED


Note You need to log in before you can comment on or make changes to this bug.