CVE-2020-26147

Name
CVE-2020-26147
Description
An issue was discovered in the Linux kernel 5.8.9. The WEP, WPA, WPA2, and WPA3 implementations reassemble fragments even though some of them were sent in plaintext. This vulnerability can be abused to inject packets and/or exfiltrate selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP data-confidentiality protocol is used.
NVD Severity
medium
Other trackers
Mailing lists
Exploits
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
MISC https://www.fragattacks.com
MISC https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.md
MLIST http://www.openwall.com/lists/oss-security/2021/05/11/12
MLIST https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html
MLIST https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html
CONFIRM https://cert-portal.siemens.com/productcert/pdf/ssa-913875.pdf
CISCO https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wifi-faf-22epcEWu
MISC https://www.arista.com/en/support/advisories-notices/security-advisories/12602-security-advisory-63

Match rules

CPE URI Source package Min version Max version
cpe:2.3:o:linux:linux_kernel:5.8.9:*:*:*:*:*:*:* linux_kernel == None == 5.8.9

Vulnerable and fixed packages

Source package Branch Version Maintainer Status