path: root/arch/arm/xen
diff options
authorJohannes Berg <johannes.berg@intel.com>2017-09-05 14:54:54 +0200
committerJohannes Berg <johannes.berg@intel.com>2017-10-16 13:02:03 +0200
commitfdf7cb4185b60c68e1a75e61691c4afdc15dea0e (patch)
tree65428a5a3961cae26521908dc9cdece90eb4cca0 /arch/arm/xen
parentnet: call cgroup_sk_alloc() earlier in sk_clone_lock() (diff)
mac80211: accept key reinstall without changing anything
When a key is reinstalled we can reset the replay counters etc. which can lead to nonce reuse and/or replay detection being impossible, breaking security properties, as described in the "KRACK attacks". In particular, CVE-2017-13080 applies to GTK rekeying that happened in firmware while the host is in D3, with the second part of the attack being done after the host wakes up. In this case, the wpa_supplicant mitigation isn't sufficient since wpa_supplicant doesn't know the GTK material. In case this happens, simply silently accept the new key coming from userspace but don't take any action on it since it's the same key; this keeps the PN replay counters intact. Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Diffstat (limited to '')
0 files changed, 0 insertions, 0 deletions