-
Notifications
You must be signed in to change notification settings - Fork 100
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Marvell WiFi Vulnerability #13
Comments
The vulnerability in question is CVE-2019-6496 (relevant article) I did a bit of digging on this by SSHing into my Steam Link, as far as I can tell from the files at So I think it's still vulnerable :/ NOTE: I am just a web developer, not a security researcher or anything, so I may very well be wrong about this and it has been patched, but I haven't seen anything in the build history nor any communication from Valve on a patch, so I wanted to investigate a bit and figure it out. |
Actually, correction: I can't tell for sure if the CVE was fixed by this commit in Linux, but if it was then it was copied over to the Steam Link kernel with 6117136 Looks like this commit as well: torvalds/linux@13ec7f1 |
It hasn't, thats another fix for something else. Also, CVE-2019-6496 isn't mentioned.
Also not. You can read this in the comment "This fix addresses CVE-2019-3846." which not the same CVE. Did some digging, for future readers: At time of posting I don't believe the fix is implemented. Based on that the last update to the firmware binaries was 7 years ago in 9d59634. With the missing response of Valve to the vulnerability here kb.cert.org from 2019, it's safe to assume Vale did not yet has a fix ready. I doubt any will come. edit: Marvell's statement: https://www.marvell.com/search.html?search=CVE-2019-6496 (search results. title is a clickable to a downloadable PDF.) |
According to Marvell's recent statement, there seems to be a firmware update for the vulnerability in the WiFi chip employed in the Steam Link. Is this firmware already active in the latest beta version of SteamLink? It's a critical vulnerability, and I'd rather not use my Steamlink for as long as it's vulnerable, which is a real pity, since I enjoy it so much.
The text was updated successfully, but these errors were encountered: