An issue was discovered in the Linux kernel 5.8.9. The WEP, WPA, WPA2, and WPA3 implementations reassemble fragments even though some of them were sent in plaintext. This vulnerability can be abused to inject packets and/or exfiltrate selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP data-confidentiality protocol is used.
References
Link | Resource |
---|---|
http://www.openwall.com/lists/oss-security/2021/05/11/12 | Mailing List Patch Third Party Advisory |
https://cert-portal.siemens.com/productcert/pdf/ssa-913875.pdf | Third Party Advisory |
https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.md | Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html | Mailing List Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html | Mailing List Third Party Advisory |
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wifi-faf-22epcEWu | Third Party Advisory |
https://www.arista.com/en/support/advisories-notices/security-advisories/12602-security-advisory-63 | Third Party Advisory |
https://www.fragattacks.com | Product |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2021-05-11T19:40:19
Updated: 2021-10-28T14:30:09
Reserved: 2020-09-29T00:00:00
Link: CVE-2020-26147
JSON object: View
NVD Information
Status : Analyzed
Published: 2021-05-11T20:15:08.947
Modified: 2022-07-12T17:14:47.870
Link: CVE-2020-26147
JSON object: View
Redhat Information
No data.
CWE