CVE-2020-24587 – kernel: Reassembling fragments encrypted under different keys
https://notcve.org/view.php?id=CVE-2020-24587
The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that all fragments of a frame are encrypted under the same key. An adversary can abuse this to decrypt selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP encryption key is periodically renewed. El estándar 802.11 que sustenta a Wi-Fi Protected Access (WPA, WPA2, y WPA3) y Wired Equivalent Privacy (WEP) no requiere que todos los fragmentos de una trama estén cifrados con la misma clave. Un adversario puede abusar de esto para descifrar fragmentos seleccionados cuando otro dispositivo envía tramas fragmentadas y la clave de cifrado WEP, CCMP o GCMP es periódicamente renovada A flaw was found in the Linux kernel's WiFi implementation. An attacker within the wireless range can abuse a logic flaw in the WiFi implementation by reassembling packets from multiple fragments under different keys, treating them as valid. • http://www.openwall.com/lists/oss-security/2021/05/11/12 https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.md https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html https://lists.debian.org/debian-lts-announce/2023/04/msg00002.html https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wifi-faf-22epcEWu https://www.arista.com/en/support/advisories-notices/security-advisories/12 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm CWE-345: Insufficient Verification of Data Authenticity •
CVE-2020-12322
https://notcve.org/view.php?id=CVE-2020-12322
Improper input validation in some Intel(R) Wireless Bluetooth(R) products before version 21.110 may allow an unauthenticated user to potentially enable denial of service via adjacent access. Una comprobación inapropiada de la entrada en algunos productos Intel® Wireless Bluetooth® anterior a versión 21.110, puede habilitar a un usuario no autenticado para permitir potencialmente una denegación de servicio por medio de un acceso adyacente • https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00403 • CWE-20: Improper Input Validation •
CVE-2020-12321 – hardware: buffer overflow in bluetooth firmware
https://notcve.org/view.php?id=CVE-2020-12321
Improper buffer restriction in some Intel(R) Wireless Bluetooth(R) products before version 21.110 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. Una restricción de búfer inapropiada en algunos productos Intel® Wireless Bluetooth® anterior a versión 21.110, puede habilitar a un usuario no autenticado para permitir potencialmente una escalada de privilegios por medio de un acceso adyacente A flaw was found in the firmware of some Intel Bluetooth devices. This may allow an unauthenticated attacker within Bluetooth range to overflow a buffer and corrupt memory leading to a crash or privilege escalation. • https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00403 https://access.redhat.com/security/cve/CVE-2020-12321 https://bugzilla.redhat.com/show_bug.cgi?id=1893914 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVE-2019-14620
https://notcve.org/view.php?id=CVE-2019-14620
Insufficient control flow management for some Intel(R) Wireless Bluetooth(R) products may allow an unprivileged user to potentially enable denial of service via adjacent access. Una gestión del flujo de control insuficiente para algunos productos Intel® Wireless Bluetooth®, puede permitir a un usuario poco privilegiado habilitar potencialmente una denegación de servicio por medio del acceso adyacente • https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00337.html •
CVE-2020-0553
https://notcve.org/view.php?id=CVE-2020-0553
Out-of-bounds read in kernel mode driver for some Intel(R) Wireless Bluetooth(R) products on Windows* 10, may allow a privileged user to potentially enable information disclosure via local access. Una lectura fuera de límites en el controlador de modo kernel para algunos productos Intel® Wireless Bluetooth® en Windows* versión 10, puede permitir a un usuario privilegiado habilitar potencialmente una divulgación de información por medio de un acceso local • https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00337.html • CWE-125: Out-of-bounds Read •