In certain cases, the PN used by the WL18xx firmware when transmitting packets can increment beyond the PN stored by the host-side driver for WL18xx. The host-side PN value is used to recover the system if a reset is required. If a device recovery is triggered, the PN will be restored by the value saved in the host, which can cause the WL18xx device to repeat PN numbers in subsequent transmitted packets without changing keys.
TI-PSIRT-2021-100120
WiLink WL18xx PN reuse issue
The reuse of PN numbers can appear as a replay attack to a connected AP, which can respond by dropping incoming packets. This can lead to a period during which a WL18xx station can experience a denial of service.
The following updates have been released to fix this vulnerability:
Products based on the WL18xx NLCP Driver can be updated with the firmware version v8.9.1.0.0 and apply the wlcore patch to fix this issue.
NOTE: Both the firmware and the driver updates must be applied together for the system to work properly and to fix the issue. Updating the firmware without applying the latest driver can cause the driver to fail during initialization.