Commit 4d6edc8a authored by NullCube, committed by Alyssa Ross

linuxPackages.broadcom_sta: added CVEs and unmaintained warning to meta.knownVulnerabilities

Important warning: this module has reached the end of support from Broadcom.
It is therefore exposed to Common Vulnerabilities and Exposures (CVE).
More information on the concerned CVE could be obtained here:
https://www.cve.org/CVERecord/SearchResults?query=broadcom+wl+WiFi+driver

Message from:
https://github.com/rpmfusion/wl-kmod/blob/b0d19578ebd0daae9c5b7f9e9511a6d73ac4d957/wl-kmod.spec#L86-L89
parent 5d6c7f9e
+10 −0
@@ -111,5 +111,15 @@ stdenv.mkDerivation {
      "i686-linux"
      "x86_64-linux"
    ];
    knownVulnerabilities = [
      "CVE-2019-9501: heap buffer overflow, potentially allowing remote code execution by sending specially-crafted WiFi packets"
      "CVE-2019-9502: heap buffer overflow, potentially allowing remote code execution by sending specially-crafted WiFi packets"
      (
        "The Broadcom STA wireless driver is not maintained "
        + "and is incompatible with Linux kernel security mitigations. "
        + "It is heavily recommended to replace the hardware and remove the driver. "
        + "Proceed at your own risk!"
      )
    ];
  };
}
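Review bot: The third knownVulnerabilities entry claims the driver "is incompatible with Linux kernel security mitigations" without naming any of them or pointing to a source, and none of the three strings carries the references the commit message cites. These strings are what a user reads when nixpkgs refuses to evaluate the package, so consider putting the cve.org search URL or the rpmfusion spec link into the warning text, or at least in a comment above the list, and naming the mitigations meant. The CVE-2019-9501 and CVE-2019-9502 entries also have identical descriptions, so the message gives no way to tell them apart; a short distinguishing phrase or a per-CVE link would help. Minor wording: "strongly recommended" reads better than "heavily recommended".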