[vesinisa]

> I'm baffled that anyone even thought about using that, given there's such good mt76 support from mainline kernels with hostapd.

Not sure if you noticed but the OpenWRT 21.02.x series (based on mainline kernel 5.4 series) is affected, and these guys generally know their game when it comes to wireless on Linux. So much so that I think the mainline kernel mt76 driver is actually maintained by an OpenWRT developer.

[mbilker]

Upstream OpenWrt does not use `wappd` so it should not be affected.

[vesinisa]

Interesting. The bulletin lists "OpenWrt 19.07, 21.02 (for MT6890)" as vulnerable, but OpenWRT had indeed no security advisory out for this:

https://openwrt.org/advisory/start

Maybe MediaTek has shipped some modified versions of OpenWRT using this "wappd" thing to their B2B customers (as part of the SDK perhaps?) and are now advertising those as vulnerable.

[qhwudbebd]

Yes, I'm assuming that's exactly why OpenWrt is mentioned but it's very misleading.

The OpenWrt folks generally have good enough taste not to ship any drivers or userspace junk from vendor SDKs, though they do have a fair-sized set of backport patches on top of the (somewhat elderly) mainline kernels they do ship.

I'm running up-to-date mainline on my routers, not OpenWrt kernels. The mt76 support in 6.11 (and previously in 6.9 and 6.10) is complete enough that I don't need to carry any patches at all over what's in Linus' tree.