Linux kernel WiFi stack vulnerabilities

DJones

Senior Member
If they are bleeding edge vulnerabilities that were patched in Linux kernel version 6.1 that’s not even released no obviously they are not patched. Any patch would be released by ASUS not Merlin as Merlin receives these patches from ASUS as the wifi drivers are closed source from Broadcom. Also ASUS routers run a much older Linux kernel which means the vulnerabilities may or may not be applicable.

Still it’s a good thing to bring attention too.
 
Last edited:

merlin_user123

Occasional Visitor
If they are bleeding edge vulnerabilities that were patched in Linux version 6.1 that’s not even released no obviously they are not patched. Any patch would be released by ASUS not Merlin as Merlin receives these patches from ASUS as the wifi drivers are closed source. Also ASUS routers run a much older Linux kernel which means the vulnerabilities may or may not be applicable.

Still it’s a good thing to bring attention too.
Well, I asked if they are affected, not if they're already patched. Patches for Linux have been released btw(at least for the 5.x versions):
It could of course be the older Linux kernel is not affected, but I wanted to be sure, that's why I'm asking.
 

DJones

Senior Member
Well, I asked if they are affected, not if they're already patched. Patches for Linux have been released btw(at least for the 5.x versions):
It could of course be the older Linux kernel is not affected, but I wanted to be sure, that's why I'm asking.
Linux kernel 4.1.51 is what is running on most of the newer HND routers their are a few running newer kernels but nothing running anything 5.0 or up. Backports from Asus/Broadcom will likely take awhile.

No one knows if it’s vulnerable or not because it’s closed source we cannot even look to say if it is or isn’t. Not even Rmerlin can. I would just assume it is vulnerable until we hear otherwise.

Likely stock versions will get the patch first.
 
Last edited:

egc

Occasional Visitor
Linux Kernel maintainers are backporting fixes but only to 4.9 as that is the earliest version still supported.
4.4 is on SLTS (super long term support) so should get vulnerability fixes.
But I am sure Asus or Broadcom will backport if necessary
 

L&LD

Part of the Furniture
@DJones, RMerlin has stated some new HND routers are using kernels 5.02 with an increased JFFS size of 192K.
 

L&LD

Part of the Furniture
Thanks for the correction @RMerlin.

Having some health issues tonight.
 

blondeboyzz

Occasional Visitor
OK...this may be a stupid question since I haven't touched Linux in a decade and new to Merlin. Why is ASUS not keeping up with the latest releases?
 

ColinTaylor

Part of the Furniture
OK...this may be a stupid question since I haven't touched Linux in a decade and new to Merlin. Why is ASUS not keeping up with the latest releases?
Because routers aren't Linux desktops or servers, they're embedded devices. This has been explained in detail many times, search for past posts by RMerlin.
 

sfx2000

Part of the Furniture
Are Asuswrt-Merlin and/or stock Asuswrt affected by these?

Yes... sort of...

These issueus are in the mac80211 and cfg80211 subsystems - the broadcom wl driver abstracts some of the calls here...

Broadcom will have to take a look at it, and fixes from there.
 

sfx2000

Part of the Furniture
OK...this may be a stupid question since I haven't touched Linux in a decade and new to Merlin. Why is ASUS not keeping up with the latest releases?

To be honest - because nobody runs on the tip of the sword... even OpenWRT master, which gets close, has some QA latency to ensure stability.

Urgent fixes are usually backported into production releases on any distribution.
 

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top