An issue was discovered in the Linux kernel 5.8.9. The WEP, WPA, WPA2, and WPA3 implementations reassemble fragments even though some of them were sent in plaintext. This vulnerability can be abused to inject packets and/or exfiltrate selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP data-confidentiality protocol is used.
References
| Link | Resource |
|---|---|
| http://www.openwall.com/lists/oss-security/2021/05/11/12 | Mailing List Patch Third Party Advisory |
| https://cert-portal.siemens.com/productcert/pdf/ssa-913875.pdf | Third Party Advisory |
| https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.md | Third Party Advisory |
| https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html | Mailing List Third Party Advisory |
| https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html | Mailing List Third Party Advisory |
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wifi-faf-22epcEWu | Third Party Advisory |
| https://www.arista.com/en/support/advisories-notices/security-advisories/12602-security-advisory-63 | Third Party Advisory |
| https://www.fragattacks.com | Product |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
| AND |
|
Configuration 4 (hide)
| AND |
|
Configuration 5 (hide)
| AND |
|
Configuration 6 (hide)
| AND |
|
Configuration 7 (hide)
| AND |
|
Configuration 8 (hide)
| AND |
|
History
No history.
Information
Published : 2021-05-11 20:15
Updated : 2022-07-12 17:14
NVD link : CVE-2020-26147
Mitre link : CVE-2020-26147
CVE.ORG link : CVE-2020-26147
JSON object : View
Products Affected
arista
- c-65_firmware
- o-90
- o-90_firmware
- c-75_firmware
- w-68_firmware
- c-65
- w-68
- c-75
linux
- linux_kernel
siemens
- scalance_w700_ieee_802.11n_firmware
- scalance_w1700_ieee_802.11ac_firmware
- scalance_w1700_ieee_802.11ac
- scalance_w700_ieee_802.11n
debian
- debian_linux
CWE