An issue was discovered in the Linux kernel 5.8.9. The WEP, WPA, WPA2, and WPA3 implementations reassemble fragments even though some of them were sent in plaintext. This vulnerability can be abused to inject packets and/or exfiltrate selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP data-confidentiality protocol is used.

Metrics

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact High

Availability Impact None

User Interaction Required

No CVSS v3.0

Access Vector Adjacent Network

Access Complexity High

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Arista
  • C-65
  • C-65 Firmware
  • C-75
  • C-75 Firmware
  • O-90
  • O-90 Firmware
  • W-68
  • W-68 Firmware
Debian
  • Debian Linux
Linux
  • Linux Kernel
Redhat
  • Enterprise Linux
Siemens
  • Scalance W1700 Ieee 802.11ac
  • Scalance W1700 Ieee 802.11ac Firmware
  • Scalance W700 Ieee 802.11n
  • Scalance W700 Ieee 802.11n Firmware

Configuration 1 [-]

OR cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Configuration 2 [-]

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Configuration 3 [-]

AND
cpe:2.3:o:arista:c-75_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:arista:c-75:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND
cpe:2.3:o:arista:o-90_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:arista:o-90:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND
cpe:2.3:o:arista:c-65_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:arista:c-65:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND
cpe:2.3:o:arista:w-68_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:arista:w-68:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND
cpe:2.3:o:siemens:scalance_w700_ieee_802.11n_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:scalance_w700_ieee_802.11n:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND
cpe:2.3:o:siemens:scalance_w1700_ieee_802.11ac_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:scalance_w1700_ieee_802.11ac:-:*:*:*:*:*:*:*
Package CPE Advisory Released Date
Red Hat Enterprise Linux 8
kernel-rt-0:4.18.0-348.rt7.130.el8 cpe:/a:redhat:enterprise_linux:8::nfv RHSA-2021:4140 2021-11-09T00:00:00Z
kernel-0:4.18.0-348.el8 cpe:/o:redhat:enterprise_linux:8 RHSA-2021:4356 2021-11-09T00:00:00Z
References
Link Providers
http://www.openwall.com/lists/oss-security/2021/05/11/12 cve-icon cve-icon
https://cert-portal.siemens.com/productcert/pdf/ssa-913875.pdf cve-icon cve-icon
https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.md cve-icon cve-icon
https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html cve-icon cve-icon
https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html cve-icon cve-icon
https://lore.kernel.org/linux-wireless/20210511200110.30c4394bb835.I5acfdb552cc1d20c339c262315950b3eac491397@changeid/ cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2020-26147 cve-icon
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wifi-faf-22epcEWu cve-icon cve-icon
https://www.arista.com/en/support/advisories-notices/security-advisories/12602-security-advisory-63 cve-icon cve-icon
https://www.cve.org/CVERecord?id=CVE-2020-26147 cve-icon
https://www.fragattacks.com cve-icon cve-icon
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2024-08-04T15:49:07.202Z

Reserved: 2020-09-29T00:00:00

Link: CVE-2020-26147

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2021-05-11T20:15:08.947

Modified: 2024-11-21T05:19:22.380

Link: CVE-2020-26147

cve-icon Redhat

Severity : Low

Publid Date: 2021-05-11T00:00:00Z

Links: CVE-2020-26147 - Bugzilla