Marvell WiFi Vulnerability #13
Comments
|
The vulnerability in question is CVE-2019-6496 (relevant article) I did a bit of digging on this by SSHing into my Steam Link, as far as I can tell from the files at So I think it's still vulnerable :/ NOTE: I am just a web developer, not a security researcher or anything, so I may very well be wrong about this and it has been patched, but I haven't seen anything in the build history nor any communication from Valve on a patch, so I wanted to investigate a bit and figure it out. |
|
Actually, correction: I can't tell for sure if the CVE was fixed by this commit in Linux, but if it was then it was copied over to the Steam Link kernel with 6117136 Looks like this commit as well: torvalds/linux@13ec7f1 |
It hasn't, thats another fix for something else. Also, CVE-2019-6496 isn't mentioned.
Also not. You can read this in the comment "This fix addresses CVE-2019-3846." which not the same CVE. Did some digging, for future readers: At time of posting I don't believe the fix is implemented. Based on that the last update to the firmware binaries was 7 years ago in 9d59634. With the missing response of Valve to the vulnerability here kb.cert.org from 2019, it's safe to assume Vale did not yet has a fix ready. I doubt any will come. edit: Marvell's statement: https://www.marvell.com/search.html?search=CVE-2019-6496 (search results. title is a clickable to a downloadable PDF.) |
According to Marvell's recent statement, there seems to be a firmware update for the vulnerability in the WiFi chip employed in the Steam Link. Is this firmware already active in the latest beta version of SteamLink? It's a critical vulnerability, and I'd rather not use my Steamlink for as long as it's vulnerable, which is a real pity, since I enjoy it so much.
The text was updated successfully, but these errors were encountered: