CVE-2020-26147
kernel: reassembling mixed encrypted/plaintext fragments
Public Exploits: 0
Descriptions
An issue was discovered in the Linux kernel 5.8.9. The WEP, WPA, WPA2, and WPA3 implementations reassemble fragments even though some of them were sent in plaintext. This vulnerability can be abused to inject packets and/or exfiltrate selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP data-confidentiality protocol is used.
A flaw was found in ieee80211_rx_h_defragment in net/mac80211/rx.c in the Linux Kernel's WiFi implementation. This vulnerability can be abused to inject packets or exfiltrate selected fragments when another device sends fragmented frames, and the WEP, CCMP, or GCMP data-confidentiality protocol is used. The highest threat from this vulnerability is to integrity.
Timeline
- 2020-09-29 CVE Reserved
- 2021-05-11 CVE Published
- 2024-07-12 EPSS Updated
- 2024-08-04 CVE Updated
CWE
- CWE-307: Improper Restriction of Excessive Authentication Attempts
References (10)
URL | Tag | Source |
---|---|---|
https://cert-portal.siemens.com/productcert/pdf/ssa-913875.pdf | Third Party Advisory | |
https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.md | Third Party Advisory | |
https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html | Mailing List | |
https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html | Mailing List | |
https://www.arista.com/en/support/advisories-notices/security-advisories/12602-security-advisory-63 | Third Party Advisory | |
https://www.fragattacks.com | Product | |

URL | Date | SRC |
---|---|---|
http://www.openwall.com/lists/oss-security/2021/05/11/12 | 2022-07-12 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | | Vendor | Product | Version | Other | Status |
---|---|---|---|---|---|---|---|---|---|---|
Arista | C-75 Firmware | - | - | Affected | in | Arista | C-75 | - | - | Safe |
Arista | O-90 Firmware | - | - | Affected | in | Arista | O-90 | - | - | Safe |
Arista | C-65 Firmware | - | - | Affected | in | Arista | C-65 | - | - | Safe |
Arista | W-68 Firmware | - | - | Affected | in | Arista | W-68 | - | - | Safe |
Siemens | Scalance W700 Ieee 802.11n Firmware | * | - | Affected | in | Siemens | Scalance W700 Ieee 802.11n | - | - | Safe |
Siemens | Scalance W1700 Ieee 802.11ac Firmware | * | - | Affected | in | Siemens | Scalance W1700 Ieee 802.11ac | - | - | Safe |
Linux | Linux Kernel | >= 4.4 < 4.4.271 | - | Affected | | | | | | |
Linux | Linux Kernel | >= 4.9 < 4.9.271 | - | Affected | | | | | | |
Linux | Linux Kernel | >= 4.14 < 4.14.235 | - | Affected | | | | | | |
Linux | Linux Kernel | >= 4.19 < 4.19.193 | - | Affected | | | | | | |
Linux | Linux Kernel | >= 5.4 < 5.4.124 | - | Affected | | | | | | |
Linux | Linux Kernel | >= 5.10 < 5.10.42 | - | Affected | | | | | | |
Linux | Linux Kernel | >= 5.12 < 5.12.9 | - | Affected | | | | | | |
Debian | Debian Linux | 9.0 | - | Affected | | | | | | |