Is Pi3 vulnerable to broadpwn wifi security flaw？

[sockscap]

It's reported that the issue exits in Broadcom’s BCM43xx family of WiFi chipsets. While Pi3 uses BCM43438, is it also affected?

[rpdom]

Already been discussed a few times. The answer is "yes" and "Broadcom are working on a fix".

viewtopic.php?t=189740#p1193116

viewtopic.php?t=179728

[sockscap]

Thanks! Will keep an eye on the progress and hope a fix can be released soon.

[PhilE]

Cypress (was Broadcom) have released an updated firmware that fixes BroadPWN (CVE-2017-9417) and a few other issues. Details and instructions on how to download and test it can be found here.

Provided testing doesn't uncover any new issues we'll be making a formal release very soon.

[runboy93]

This apply also for BCM43143?

[elkberry]

It applies to all RaspberryPis with integrated Wifi/WLAN, as can be read on the link given to the Raspbian issue on github.

[jamesh]

This apply also for BCM43143?

Odd question. This firmware is for the WiFi equipped models. What were you expecting it to be for?

[bensimmo]

This apply also for BCM43143?

Odd question. This firmware is for the WiFi equipped models. What were you expecting it to be for?

<Cough> that's "your" official WiFi dongle

[jamesh]

Ah, I see.

As far as I know, this is for boards with on board WiFi only. I'LL have to check re the Dongle. Won't be for a week or two, on holiday.

[Paul Webster]

The attack is based on buffer overflow in the firmware for the device.
The blackhat posting gives an example of a/the memcopy call that was subject to the overflow that could be exploited.
I think that someone from RPF, while jamesh is away, should be getting this checked.

[jamesh]

With regard to new firmware for the Pi wireless dongle. We have just heard from Cypress that the chip/firmware in the dongle does not suffer from the broadpwn attack vulnerability, so new firmware is not necessary.

[Paul Webster]

Thanks for the update James.