CVE-2020-24586
kernel: Fragmentation cache not cleared on reconnection
Public Exploits: 1
Exploited in Wild: -
Descriptions
The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that received fragments be cleared from memory after (re)connecting to a network. Under the right circumstances, when another device sends fragmented frames encrypted using WEP, CCMP, or GCMP, this can be abused to inject arbitrary network packets and/or exfiltrate user data.
A flaw was found in the Linux kernel's implementation of Wi-Fi fragmentation handling. An attacker with the ability to transmit within the wireless transmission range of an access point can abuse this flaw, in which the previous contents of Wi-Fi fragments can be unintentionally transmitted to another device.
Timeline
- 2020-08-21 CVE Reserved
- 2021-05-11 CVE Published
- 2024-07-12 EPSS Updated
- 2024-08-04 CVE Updated
- 2024-08-04 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-212: Improper Removal of Sensitive Information Before Storage or Transfer
References (11)
URL | Tag | Source |
---|---|---|
http://www.openwall.com/lists/oss-security/2021/05/11/12 | Mailing List | |
https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.md | Third Party Advisory | |
https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html | Mailing List | |
https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html | Mailing List | |
https://lists.debian.org/debian-lts-announce/2023/04/msg00002.html | Mailing List | |
https://www.arista.com/en/support/advisories-notices/security-advisories/12602-security-advisory-63 | Third Party Advisory | |
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00473.html | Third Party Advisory |
URL | Date | SRC |
---|---|---|
https://www.fragattacks.com | 2024-08-04 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | | Vendor | Product | Version | Other | Status |
---|---|---|---|---|---|---|---|---|---|---|
Arista | C-250 Firmware | < 10.0.1-31 | - | Affected | in | Arista | C-250 | - | - | Safe |
Arista | C-260 Firmware | < 10.0.1-31 | - | Affected | in | Arista | C-260 | - | - | Safe |
Arista | C-230 Firmware | < 10.0.1-31 | - | Affected | in | Arista | C-230 | - | - | Safe |
Arista | C-235 Firmware | < 10.0.1-31 | - | Affected | in | Arista | C-235 | - | - | Safe |
Arista | C-200 Firmware | < 11.0.0-36 | - | Affected | in | Arista | C-200 | - | - | Safe |
Intel | Ax210 Firmware | < 22.30.0.11 | - | Affected | in | Intel | Ax210 | - | - | Safe |
Intel | Ax201 Firmware | < 22.30.0.11 | - | Affected | in | Intel | Ax201 | - | - | Safe |
Intel | Ax200 Firmware | < 22.30.0.11 | - | Affected | in | Intel | Ax200 | - | - | Safe |
Intel | Ac 9560 Firmware | < 22.30.0.11 | - | Affected | in | Intel | Ac 9560 | - | - | Safe |
Intel | Ac 9462 Firmware | < 22.30.0.11 | - | Affected | in | Intel | Ac 9462 | - | - | Safe |
Intel | Ac 9461 Firmware | < 22.30.0.11 | - | Affected | in | Intel | Ac 9461 | - | - | Safe |
Intel | Ac 9260 Firmware | < 22.30.0.11 | - | Affected | in | Intel | Ac 9260 | - | - | Safe |
Intel | Ac 8265 Firmware | < 20.70.21.2 | - | Affected | in | Intel | Ac 8265 | - | - | Safe |
Intel | Ac 8260 Firmware | < 20.70.21.2 | - | Affected | in | Intel | Ac 8260 | - | - | Safe |
Intel | Ac 3168 Firmware | < 19.51.33.1 | - | Affected | in | Intel | Ac 3168 | - | - | Safe |
Intel | Ac 7265 Firmware | < 19.51.33.1 | - | Affected | in | Intel | Ac 7265 | - | - | Safe |
Intel | Ac 3165 Firmware | < 19.51.33.1 | - | Affected | in | Intel | Ac 3165 | - | - | Safe |
Intel | Ax1675 Firmware | - | - | Affected | in | Intel | Ax1675 | - | - | Safe |
Intel | Ax1650 Firmware | - | - | Affected | in | Intel | Ax1650 | - | - | Safe |
Intel | Ac 1550 Firmware | - | - | Affected | in | Intel | Ac 1550 | - | - | Safe |
Ieee | Ieee 802.11 | * | - | Affected | | | | | | |
Debian | Debian Linux | 9.0 | - | Affected | | | | | | |
Linux | Mac80211 | - | - | Affected | | | | | | |
Linux | Linux Kernel | >= 4.4 < 4.4.271 | - | Affected | | | | | | |
Linux | Linux Kernel | >= 4.9 < 4.9.271 | - | Affected | | | | | | |
Linux | Linux Kernel | >= 4.14 < 4.14.235 | - | Affected | | | | | | |
Linux | Linux Kernel | >= 4.19 < 4.19.193 | - | Affected | | | | | | |
Linux | Linux Kernel | >= 5.4 < 5.4.124 | - | Affected | | | | | | |
Linux | Linux Kernel | >= 5.10 < 5.10.42 | - | Affected | | | | | | |
Linux | Linux Kernel | >= 5.12 < 5.12.9 | - | Affected | | | | | | |