CVE-2020-24586

kernel: Fragmentation cache not cleared on reconnection

Severity Score

3.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that received fragments be cleared from memory after (re)connecting to a network. Under the right circumstances, when another device sends fragmented frames encrypted using WEP, CCMP, or GCMP, this can be abused to inject arbitrary network packets and/or exfiltrate user data.

El estándar 802.11 que sustenta a Wi-Fi Protected Access (WPA, WPA2, y WPA3) y Wired Equivalent Privacy (WEP) no requiere que los fragmentos recibidos se borren de la memoria después de (re)conectarse a una red. En las circunstancias adecuadas, cuando otro dispositivo envía tramas fragmentadas cifradas mediante WEP, CCMP o GCMP, se puede abusar de esto para inyectar paquetes de red arbitrarios y/o exfiltrar datos del usuario

A flaw was found in the Linux kernels implementation of wifi fragmentation handling. An attacker with the ability to transmit within the wireless transmission range of an access point can abuse a flaw where previous contents of wifi fragments can be unintentionally transmitted to another device.

*Credits: N/A

CVSS Scores

Attack Vector

Adjacent

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

None

Attack Vector

Adjacent

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

None

Attack Vector

Adjacent

Attack Complexity

Medium

Authentication

None

Confidentiality

Partial

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2020-08-21 CVE Reserved
2021-05-11 CVE Published
2024-07-12 EPSS Updated
2024-08-04 CVE Updated
2024-08-04 First Exploit
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-212: Improper Removal of Sensitive Information Before Storage or Transfer

CAPEC

References (11)

URL	Tag	Source
http://www.openwall.com/lists/oss-security/2021/05/11/12	Mailing List
https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.md	Third Party Advisory
https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html	Mailing List
https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html	Mailing List
https://lists.debian.org/debian-lts-announce/2023/04/msg00002.html	Mailing List
https://www.arista.com/en/support/advisories-notices/security-advisories/12602-security-advisory-63	Third Party Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00473.html	Third Party Advisory

URL	Date	SRC
https://www.fragattacks.com	2024-08-04

URL	Date	SRC

URL	Date	SRC
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wifi-faf-22epcEWu	2023-04-01
https://access.redhat.com/security/cve/CVE-2020-24586	2021-11-09
https://bugzilla.redhat.com/show_bug.cgi?id=1959642	2021-11-09

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Arista Search vendor "Arista"	C-250 Firmware Search vendor "Arista" for product "C-250 Firmware"	< 10.0.1-31 Search vendor "Arista" for product "C-250 Firmware" and version " < 10.0.1-31"	-	Affected	in	Arista Search vendor "Arista"	C-250 Search vendor "Arista" for product "C-250"	-	-	Safe
Arista Search vendor "Arista"	C-260 Firmware Search vendor "Arista" for product "C-260 Firmware"	< 10.0.1-31 Search vendor "Arista" for product "C-260 Firmware" and version " < 10.0.1-31"	-	Affected	in	Arista Search vendor "Arista"	C-260 Search vendor "Arista" for product "C-260"	-	-	Safe
Arista Search vendor "Arista"	C-230 Firmware Search vendor "Arista" for product "C-230 Firmware"	< 10.0.1-31 Search vendor "Arista" for product "C-230 Firmware" and version " < 10.0.1-31"	-	Affected	in	Arista Search vendor "Arista"	C-230 Search vendor "Arista" for product "C-230"	-	-	Safe
Arista Search vendor "Arista"	C-235 Firmware Search vendor "Arista" for product "C-235 Firmware"	< 10.0.1-31 Search vendor "Arista" for product "C-235 Firmware" and version " < 10.0.1-31"	-	Affected	in	Arista Search vendor "Arista"	C-235 Search vendor "Arista" for product "C-235"	-	-	Safe
Arista Search vendor "Arista"	C-200 Firmware Search vendor "Arista" for product "C-200 Firmware"	< 11.0.0-36 Search vendor "Arista" for product "C-200 Firmware" and version " < 11.0.0-36"	-	Affected	in	Arista Search vendor "Arista"	C-200 Search vendor "Arista" for product "C-200"	-	-	Safe
Intel Search vendor "Intel"	Ax210 Firmware Search vendor "Intel" for product "Ax210 Firmware"	< 22.30.0.11 Search vendor "Intel" for product "Ax210 Firmware" and version " < 22.30.0.11"	-	Affected	in	Intel Search vendor "Intel"	Ax210 Search vendor "Intel" for product "Ax210"	-	-	Safe
Intel Search vendor "Intel"	Ax201 Firmware Search vendor "Intel" for product "Ax201 Firmware"	< 22.30.0.11 Search vendor "Intel" for product "Ax201 Firmware" and version " < 22.30.0.11"	-	Affected	in	Intel Search vendor "Intel"	Ax201 Search vendor "Intel" for product "Ax201"	-	-	Safe
Intel Search vendor "Intel"	Ax200 Firmware Search vendor "Intel" for product "Ax200 Firmware"	< 22.30.0.11 Search vendor "Intel" for product "Ax200 Firmware" and version " < 22.30.0.11"	-	Affected	in	Intel Search vendor "Intel"	Ax200 Search vendor "Intel" for product "Ax200"	-	-	Safe
Intel Search vendor "Intel"	Ac 9560 Firmware Search vendor "Intel" for product "Ac 9560 Firmware"	< 22.30.0.11 Search vendor "Intel" for product "Ac 9560 Firmware" and version " < 22.30.0.11"	-	Affected	in	Intel Search vendor "Intel"	Ac 9560 Search vendor "Intel" for product "Ac 9560"	-	-	Safe
Intel Search vendor "Intel"	Ac 9462 Firmware Search vendor "Intel" for product "Ac 9462 Firmware"	< 22.30.0.11 Search vendor "Intel" for product "Ac 9462 Firmware" and version " < 22.30.0.11"	-	Affected	in	Intel Search vendor "Intel"	Ac 9462 Search vendor "Intel" for product "Ac 9462"	-	-	Safe
Intel Search vendor "Intel"	Ac 9461 Firmware Search vendor "Intel" for product "Ac 9461 Firmware"	< 22.30.0.11 Search vendor "Intel" for product "Ac 9461 Firmware" and version " < 22.30.0.11"	-	Affected	in	Intel Search vendor "Intel"	Ac 9461 Search vendor "Intel" for product "Ac 9461"	-	-	Safe
Intel Search vendor "Intel"	Ac 9260 Firmware Search vendor "Intel" for product "Ac 9260 Firmware"	< 22.30.0.11 Search vendor "Intel" for product "Ac 9260 Firmware" and version " < 22.30.0.11"	-	Affected	in	Intel Search vendor "Intel"	Ac 9260 Search vendor "Intel" for product "Ac 9260"	-	-	Safe
Intel Search vendor "Intel"	Ac 8265 Firmware Search vendor "Intel" for product "Ac 8265 Firmware"	< 20.70.21.2 Search vendor "Intel" for product "Ac 8265 Firmware" and version " < 20.70.21.2"	-	Affected	in	Intel Search vendor "Intel"	Ac 8265 Search vendor "Intel" for product "Ac 8265"	-	-	Safe
Intel Search vendor "Intel"	Ac 8260 Firmware Search vendor "Intel" for product "Ac 8260 Firmware"	< 20.70.21.2 Search vendor "Intel" for product "Ac 8260 Firmware" and version " < 20.70.21.2"	-	Affected	in	Intel Search vendor "Intel"	Ac 8260 Search vendor "Intel" for product "Ac 8260"	-	-	Safe
Intel Search vendor "Intel"	Ac 3168 Firmware Search vendor "Intel" for product "Ac 3168 Firmware"	< 19.51.33.1 Search vendor "Intel" for product "Ac 3168 Firmware" and version " < 19.51.33.1"	-	Affected	in	Intel Search vendor "Intel"	Ac 3168 Search vendor "Intel" for product "Ac 3168"	-	-	Safe
Intel Search vendor "Intel"	Ac 7265 Firmware Search vendor "Intel" for product "Ac 7265 Firmware"	< 19.51.33.1 Search vendor "Intel" for product "Ac 7265 Firmware" and version " < 19.51.33.1"	-	Affected	in	Intel Search vendor "Intel"	Ac 7265 Search vendor "Intel" for product "Ac 7265"	-	-	Safe
Intel Search vendor "Intel"	Ac 3165 Firmware Search vendor "Intel" for product "Ac 3165 Firmware"	< 19.51.33.1 Search vendor "Intel" for product "Ac 3165 Firmware" and version " < 19.51.33.1"	-	Affected	in	Intel Search vendor "Intel"	Ac 3165 Search vendor "Intel" for product "Ac 3165"	-	-	Safe
Intel Search vendor "Intel"	Ax1675 Firmware Search vendor "Intel" for product "Ax1675 Firmware"	-	-	Affected	in	Intel Search vendor "Intel"	Ax1675 Search vendor "Intel" for product "Ax1675"	-	-	Safe
Intel Search vendor "Intel"	Ax1650 Firmware Search vendor "Intel" for product "Ax1650 Firmware"	-	-	Affected	in	Intel Search vendor "Intel"	Ax1650 Search vendor "Intel" for product "Ax1650"	-	-	Safe
Intel Search vendor "Intel"	Ac 1550 Firmware Search vendor "Intel" for product "Ac 1550 Firmware"	-	-	Affected	in	Intel Search vendor "Intel"	Ac 1550 Search vendor "Intel" for product "Ac 1550"	-	-	Safe
Ieee Search vendor "Ieee"		Ieee 802.11 Search vendor "Ieee" for product "Ieee 802.11"				*		-		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				9.0 Search vendor "Debian" for product "Debian Linux" and version "9.0"		-		Affected
Linux Search vendor "Linux"		Mac80211 Search vendor "Linux" for product "Mac80211"				-		-		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.4 < 4.4.271 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.4 < 4.4.271"		-		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.9 < 4.9.271 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.9 < 4.9.271"		-		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.14 < 4.14.235 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.14 < 4.14.235"		-		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.19 < 4.19.193 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.19 < 4.19.193"		-		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.4 < 5.4.124 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.4 < 5.4.124"		-		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.10 < 5.10.42 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.10 < 5.10.42"		-		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.12 < 5.12.9 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.12 < 5.12.9"		-		Affected