CVE-2020-24586
First published: Tue May 11 2021(Updated: )
A flaw was found in the Linux kernels implementation of wifi fragmentation handling. An attacker with the ability to transmit within the wireless transmission range of an access point can abuse a flaw where previous contents of wifi fragments can be unintentionally transmitted to another device.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/kernel-rt | <0:4.18.0-348.rt7.130.el8 | 0:4.18.0-348.rt7.130.el8 |
| redhat/kernel | <0:4.18.0-348.el8 | 0:4.18.0-348.el8 |
| redhat/kernel | <5.13 | 5.13 |
| Ieee Ieee 802.11 | ||
| Debian Debian Linux | =9.0 | |
| Linux Mac80211 | ||
| All of | ||
| Arista C-250 Firmware | <10.0.1-31 | |
| Arista C-250 | ||
| All of | ||
| Arista C-260 Firmware | <10.0.1-31 | |
| Arista C-260 | ||
| All of | ||
| Arista C-230 Firmware | <10.0.1-31 | |
| Arista C-230 | ||
| All of | ||
| Arista C-235 Firmware | <10.0.1-31 | |
| Arista C-235 | ||
| All of | ||
| Arista C-200 Firmware | <11.0.0-36 | |
| Arista C-200 | ||
| All of | ||
| Intel Ax210 Firmware | <22.30.0.11 | |
| Intel Ax210 | ||
| All of | ||
| Intel Ax201 Firmware | <22.30.0.11 | |
| Intel Ax201 | ||
| All of | ||
| Intel Ax200 Firmware | <22.30.0.11 | |
| Intel Ax200 | ||
| All of | ||
| Intel Ac 9560 Firmware | <22.30.0.11 | |
| Intel Ac 9560 | ||
| All of | ||
| Intel Ac 9462 Firmware | <22.30.0.11 | |
| Intel Ac 9462 | ||
| All of | ||
| Intel Ac 9461 Firmware | <22.30.0.11 | |
| Intel Ac 9461 | ||
| All of | ||
| Intel Ac 9260 Firmware | <22.30.0.11 | |
| Intel Ac 9260 | ||
| All of | ||
| Intel Ac 8265 Firmware | <20.70.21.2 | |
| Intel Ac 8265 | ||
| All of | ||
| Intel Ac 8260 Firmware | <20.70.21.2 | |
| Intel Ac 8260 | ||
| All of | ||
| Intel Ac 3168 Firmware | <19.51.33.1 | |
| Intel Ac 3168 | ||
| All of | ||
| Intel Ac 7265 Firmware | <19.51.33.1 | |
| Intel Ac 7265 | ||
| All of | ||
| Intel Ac 3165 Firmware | <19.51.33.1 | |
| Intel Ac 3165 | ||
| All of | ||
| Intel Ax1675 Firmware | ||
| Intel Ax1675 | ||
| All of | ||
| Intel Ax1650 Firmware | ||
| Intel Ax1650 | ||
| All of | ||
| Intel Ac 1550 Firmware | ||
| Intel Ac 1550 | ||
| Linux Linux kernel | >=4.4<4.4.271 | |
| Linux Linux kernel | >=4.9<4.9.271 | |
| Linux Linux kernel | >=4.14<4.14.235 | |
| Linux Linux kernel | >=4.19<4.19.193 | |
| Linux Linux kernel | >=5.4<5.4.124 | |
| Linux Linux kernel | >=5.10<5.10.42 | |
| Linux Linux kernel | >=5.12<5.12.9 | |
| Arista C-250 Firmware | <10.0.1-31 | |
| Arista C-250 | ||
| Arista C-260 Firmware | <10.0.1-31 | |
| Arista C-260 | ||
| Arista C-230 Firmware | <10.0.1-31 | |
| Arista C-230 | ||
| Arista C-235 Firmware | <10.0.1-31 | |
| Arista C-235 | ||
| Arista C-200 Firmware | <11.0.0-36 | |
| Arista C-200 | ||
| Intel Ax210 Firmware | <22.30.0.11 | |
| Intel Ax210 | ||
| Intel Ax201 Firmware | <22.30.0.11 | |
| Intel Ax201 | ||
| Intel Ax200 Firmware | <22.30.0.11 | |
| Intel Ax200 | ||
| Intel Ac 9560 Firmware | <22.30.0.11 | |
| Intel Ac 9560 | ||
| Intel Ac 9462 Firmware | <22.30.0.11 | |
| Intel Ac 9462 | ||
| Intel Ac 9461 Firmware | <22.30.0.11 | |
| Intel Ac 9461 | ||
| Intel Ac 9260 Firmware | <22.30.0.11 | |
| Intel Ac 9260 | ||
| Intel Ac 8265 Firmware | <20.70.21.2 | |
| Intel Ac 8265 | ||
| Intel Ac 8260 Firmware | <20.70.21.2 | |
| Intel Ac 8260 | ||
| Intel Ac 3168 Firmware | <19.51.33.1 | |
| Intel Ac 3168 | ||
| Intel Ac 7265 Firmware | <19.51.33.1 | |
| Intel Ac 7265 | ||
| Intel Ac 3165 Firmware | <19.51.33.1 | |
| Intel Ac 3165 | ||
| Intel Ax1675 Firmware | ||
| Intel Ax1675 | ||
| Intel Ax1650 Firmware | ||
| Intel Ax1650 | ||
| Intel Ac 1550 Firmware | ||
| Intel Ac 1550 | ||
| debian/firmware-nonfree | <=20210315-3 | 20230210-5 20240709-2 20240909-2 |
| debian/linux | 5.10.223-1 5.10.226-1 6.1.106-3 6.1.112-1 6.11.4-1 6.11.5-1 |
Remedy
Mitigation for this issue is either not available or the currently available options does not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.cve.org/CVERecord?id=CVE-2020-24586 https://nvd.nist.gov/vuln/detail/CVE-2020-24586 https://lore.kernel.org/linux-wireless/20210511200110.3f8290e59823.I622a67769ed39257327a362cfc09c812320eb979@changeid/
- https://bugzilla.redhat.com/show_bug.cgi?id=1959642
- https://access.redhat.com/errata/RHSA-2021:4140
- https://access.redhat.com/errata/RHSA-2021:4356
- https://access.redhat.com/security/cve/cve-2020-24586
- https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.md
- https://www.fragattacks.com
- http://www.openwall.com/lists/oss-security/2021/05/11/12
- https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html
- https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wifi-faf-22epcEWu
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00473.html
- https://www.arista.com/en/support/advisories-notices/security-advisories/12602-security-advisory-63
- https://lists.debian.org/debian-lts-announce/2023/04/msg00002.html
- https://launchpad.net/bugs/cve/CVE-2020-24586
- https://lore.kernel.org/linux-wireless/20210511200110.3f8290e59823.I622a67769ed39257327a362cfc09c812320eb979@changeid/
- https://papers.mathyvanhoef.com/usenix2021.pdf
- https://www.fragattacks.com/
- https://lore.kernel.org/linux-wireless/c4d8c2f040b368225b72a91e74ee282d9ceab4d5.camel@coelho.fi/
- https://lore.kernel.org/linux-wireless/20210511180259.159598-1-johannes@sipsolutions.net/
- https://lore.kernel.org/linux-wireless/20210511200110.037aa5ca0390.I7bb888e2965a0db02a67075fcb5deb50eb7408aa@changeid/
- https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=55d964905a2b6cd790cbbbb46640bb2fb520b0cb
- https://security-tracker.debian.org/tracker/CVE-2020-24586
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24586
- https://nvd.nist.gov/vuln/detail/CVE-2020-24586
- https://ubuntu.com/security/CVE-2020-24586
- collector/redhat-cve
- agent/type
- collector/launchpad-cve
- source/Launchpad
- agent/author
- agent/first-publish-date
- agent/weakness
- agent/severity
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2020-24586
- agent/software-canonical-lookup
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup-request
- collector/nvd-index
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- collector/usn-cve
- source/Ubuntu
- agent/references
- agent/remedy
- agent/softwarecombine
- agent/tags
- agent/description
- agent/event
- collector/security-tracker-debian
- source/Debian
- package-manager/redhat
- vendor/ieee
- canonical/ieee ieee 802.11
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/9.0
- vendor/linux
- canonical/linux mac80211
- vendor/arista
- canonical/arista c-250 firmware
- canonical/arista c-250
- canonical/arista c-260 firmware
- canonical/arista c-260
- canonical/arista c-230 firmware
- canonical/arista c-230
- canonical/arista c-235 firmware
- canonical/arista c-235
- canonical/arista c-200 firmware
- canonical/arista c-200
- vendor/intel
- canonical/intel ax210 firmware
- canonical/intel ax210
- canonical/intel ax201 firmware
- canonical/intel ax201
- canonical/intel ax200 firmware
- canonical/intel ax200
- canonical/intel ac 9560 firmware
- canonical/intel ac 9560
- canonical/intel ac 9462 firmware
- canonical/intel ac 9462
- canonical/intel ac 9461 firmware
- canonical/intel ac 9461
- canonical/intel ac 9260 firmware
- canonical/intel ac 9260
- canonical/intel ac 8265 firmware
- canonical/intel ac 8265
- canonical/intel ac 8260 firmware
- canonical/intel ac 8260
- canonical/intel ac 3168 firmware
- canonical/intel ac 3168
- canonical/intel ac 7265 firmware
- canonical/intel ac 7265
- canonical/intel ac 3165 firmware
- canonical/intel ac 3165
- canonical/intel ax1675 firmware
- canonical/intel ax1675
- canonical/intel ax1650 firmware
- canonical/intel ax1650
- canonical/intel ac 1550 firmware
- canonical/intel ac 1550
- canonical/linux linux kernel
- version/linux linux kernel/4.4
- version/linux linux kernel/4.9
- version/linux linux kernel/4.14
- version/linux linux kernel/4.19
- version/linux linux kernel/5.4
- version/linux linux kernel/5.10
- version/linux linux kernel/5.12
- package-manager/debian