linuxPackages.broadcom_sta: added CVEs and unmaintained warning to meta.knownVulnerabilities

Important warning: this module has reached the end of support from Broadcom.
It is therefore exposed to Common Vulnerabilities and Exposures (CVE).
More information on the concerned CVE could be obtained here:
https://www.cve.org/CVERecord/SearchResults?query=broadcom+wl+WiFi+driver

Message from:
https://github.com/rpmfusion/wl-kmod/blob/b0d19578ebd0daae9c5b7f9e9511a6d73ac4d957/wl-kmod.spec#L86-L89

authored by NullCube and committed by Alyssa Ross
4d6edc8a 5d6c7f9e

+10
pkgs/os-specific/linux/broadcom-sta/default.nix
··· 111 111 "i686-linux" 112 112 "x86_64-linux" 113 113 ]; 114 + knownVulnerabilities = [ 115 + "CVE-2019-9501: heap buffer overflow, potentially allowing remote code execution by sending specially-crafted WiFi packets" 116 + "CVE-2019-9502: heap buffer overflow, potentially allowing remote code execution by sending specially-crafted WiFi packets" 117 + ( 118 + "The Broadcom STA wireless driver is not maintained " 119 + + "and is incompatible with Linux kernel security mitigations. " 120 + + "It is heavily recommended to replace the hardware and remove the driver. " 121 + + "Proceed at your own risk!" 122 + ) 123 + ]; 114 124 }; 115 125 }
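Review bot: The two CVE entries at new lines 115 and 116 carry word-for-word identical descriptions, so a user who hits the evaluation error cannot tell CVE-2019-9501 from CVE-2019-9502 or judge whether either applies to their setup; give each entry the detail that distinguishes it, or merge them into one entry that names both IDs. The free-form entry at lines 117 to 122 states that the driver "is incompatible with Linux kernel security mitigations" without saying which ones, and the reference URLs from the commit message do not appear in the file; a Nix comment above `knownVulnerabilities` pointing at the rpmfusion spec and the cve.org query would keep the provenance next to the claim. Minor wording: "heavily recommended" reads better as "strongly recommended".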