CVE-2020-26147

Published: 5/11/2021 Last updated: 8/4/2024 Reserved: 9/29/2020

An issue was discovered in the Linux kernel 5.8.9. The WEP, WPA, WPA2, and WPA3 implementations reassemble fragments even though some of them were sent in plaintext. This vulnerability can be abused to inject packets and/or exfiltrate selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP data-confidentiality protocol is used.

CNA assigner: mitre (8254265b-2729-46b6-b9e3-3dfca2d5bfca) Requested by: n/a

Opam packages affected (27)

albatross cdrom conf-bpftool conf-libbpf conf-linux-libc-dev core core_unix hvsock mirage-block-unix mm ocaml-probes orun rawlink rawlink-eio rawlink-lwt shell solo5 solo5-bindings-hvt solo5-bindings-spt solo5-cross-aarch64 solo5-kernel-ukvm tracy-client tuntap uring vhd-format vhd-format-lwt xapi-stdext-unix

Products affected (1)

Product	Vendor	Version
n/a	n/a	FastConnect 7800

References (16)

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wifi-faf-22epcEWu
https://www.fragattacks.com
https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.md
http://www.openwall.com/lists/oss-security/2021/05/11/12
https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html
https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html
https://cert-portal.siemens.com/productcert/pdf/ssa-913875.pdf
https://www.arista.com/en/support/advisories-notices/security-advisories/12602-security-advisory-63
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wifi-faf-22epcEWu
https://www.fragattacks.com
https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.md
http://www.openwall.com/lists/oss-security/2021/05/11/12
https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html
https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html
https://cert-portal.siemens.com/productcert/pdf/ssa-913875.pdf
https://www.arista.com/en/support/advisories-notices/security-advisories/12602-security-advisory-63