What's new

Linux kernel WiFi stack vulnerabilities

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

If they are bleeding edge vulnerabilities that were patched in Linux kernel version 6.1 that’s not even released no obviously they are not patched. Any patch would be released by ASUS not Merlin as Merlin receives these patches from ASUS as the wifi drivers are closed source from Broadcom. Also ASUS routers run a much older Linux kernel which means the vulnerabilities may or may not be applicable.

Still it’s a good thing to bring attention too.
 
Last edited:
If they are bleeding edge vulnerabilities that were patched in Linux version 6.1 that’s not even released no obviously they are not patched. Any patch would be released by ASUS not Merlin as Merlin receives these patches from ASUS as the wifi drivers are closed source. Also ASUS routers run a much older Linux kernel which means the vulnerabilities may or may not be applicable.

Still it’s a good thing to bring attention too.
Well, I asked if they are affected, not if they're already patched. Patches for Linux have been released btw(at least for the 5.x versions):
It could of course be the older Linux kernel is not affected, but I wanted to be sure, that's why I'm asking.
 
Well, I asked if they are affected, not if they're already patched. Patches for Linux have been released btw(at least for the 5.x versions):
It could of course be the older Linux kernel is not affected, but I wanted to be sure, that's why I'm asking.
Linux kernel 4.1.51 is what is running on most of the newer HND routers their are a few running newer kernels but nothing running anything 5.0 or up. Backports from Asus/Broadcom will likely take awhile.

No one knows if it’s vulnerable or not because it’s closed source we cannot even look to say if it is or isn’t. Not even Rmerlin can. I would just assume it is vulnerable until we hear otherwise.

Likely stock versions will get the patch first.
 
Last edited:
Linux Kernel maintainers are backporting fixes but only to 4.9 as that is the earliest version still supported.
4.4 is on SLTS (super long term support) so should get vulnerability fixes.
But I am sure Asus or Broadcom will backport if necessary
 
@DJones, RMerlin has stated some new HND routers are using kernels 5.02 with an increased JFFS size of 192K.
 
@DJones, RMerlin has stated some new HND routers are using kernels 5.02 with an increased JFFS size of 192K.
HND 5.04 uses kernel 4.19.183.

And the increase was to NVRAM, not JFFS2.

Go drunk, you're home? :)
 
Thanks for the correction @RMerlin.

Having some health issues tonight.
 
OK...this may be a stupid question since I haven't touched Linux in a decade and new to Merlin. Why is ASUS not keeping up with the latest releases?
 
OK...this may be a stupid question since I haven't touched Linux in a decade and new to Merlin. Why is ASUS not keeping up with the latest releases?
Because routers aren't Linux desktops or servers, they're embedded devices. This has been explained in detail many times, search for past posts by RMerlin.
 
Are Asuswrt-Merlin and/or stock Asuswrt affected by these?

Yes... sort of...

These issueus are in the mac80211 and cfg80211 subsystems - the broadcom wl driver abstracts some of the calls here...

Broadcom will have to take a look at it, and fixes from there.
 
OK...this may be a stupid question since I haven't touched Linux in a decade and new to Merlin. Why is ASUS not keeping up with the latest releases?

To be honest - because nobody runs on the tip of the sword... even OpenWRT master, which gets close, has some QA latency to ensure stability.

Urgent fixes are usually backported into production releases on any distribution.
 

Similar threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top