CWE
212
Advisory Published
Updated

CVE-2020-24586

First published: Tue May 11 2021(Updated: )

A flaw was found in the Linux kernels implementation of wifi fragmentation handling. An attacker with the ability to transmit within the wireless transmission range of an access point can abuse a flaw where previous contents of wifi fragments can be unintentionally transmitted to another device.

Credit: cve@mitre.org

Affected SoftwareAffected VersionHow to fix
redhat/kernel-rt<0:4.18.0-348.rt7.130.el8
0:4.18.0-348.rt7.130.el8
redhat/kernel<0:4.18.0-348.el8
0:4.18.0-348.el8
redhat/kernel<5.13
5.13
IEEE 802.11
Debian Linux=9.0
Linux mac80211
Arista C-250 Firmware<10.0.1-31
Arista C-250 Firmware
Arista C-260 Firmware<10.0.1-31
Arista C-260 Firmware
Arista C-230 Firmware<10.0.1-31
Arista C-230 Firmware
Arista C-235 Firmware<10.0.1-31
Arista C-235 Firmware
Arista C-200 Firmware<11.0.0-36
Arista C-200 Firmware
Intel Wi-Fi 6E AX210 firmware<22.30.0.11
Intel Wi-Fi 6 AX210
Intel Wi-Fi 6E AX201 Firmware<22.30.0.11
Intel AX201 Firmware
Intel AX200 Firmware<22.30.0.11
Intel AX200 Firmware
Intel AC 9560 Firmware<22.30.0.11
Intel Wireless-AC 9560
Intel PROSet AC 9462 Firmware<22.30.0.11
Intel ProSet AC 9462
Intel PROSet AC 9461 Firmware<22.30.0.11
Intel ProSet AC 9461
Intel ProSet AC 9260 Firmware<22.30.0.11
Intel PROSet Wireless for AC 9260
Intel ProSet AC 8265 Firmware<20.70.21.2
Intel AC 8265 Firmware
Intel ProSet Wireless Software and Drivers for Ac 8260<20.70.21.2
Intel PROSet AC 8260
Intel AC3168 Firmware<19.51.33.1
Intel AC 3168 Firmware
Intel AC 7265<19.51.33.1
Intel AC 7265 Firmware
Intel PROSet/Wireless Software for Intel Dual Band Wireless-AC 3165<19.51.33.1
Intel AC 3165 Firmware
Intel Killer Wi-Fi 6E AX1675 Firmware
Intel AX1675 Firmware
Intel Killer Wi-Fi 6 AX1650 firmware
Intel AX1650 Firmware
Intel AC 1550 Firmware
Intel Killer Wireless-ac 1550
Linux Kernel>=4.4<4.4.271
Linux Kernel>=4.9<4.9.271
Linux Kernel>=4.14<4.14.235
Linux Kernel>=4.19<4.19.193
Linux Kernel>=5.4<5.4.124
Linux Kernel>=5.10<5.10.42
Linux Kernel>=5.12<5.12.9
All of
Arista C-250 Firmware<10.0.1-31
Arista C-250 Firmware
All of
Arista C-260 Firmware<10.0.1-31
Arista C-260 Firmware
All of
Arista C-230 Firmware<10.0.1-31
Arista C-230 Firmware
All of
Arista C-235 Firmware<10.0.1-31
Arista C-235 Firmware
All of
Arista C-200 Firmware<11.0.0-36
Arista C-200 Firmware
All of
Intel Wi-Fi 6E AX210 firmware<22.30.0.11
Intel Wi-Fi 6 AX210
All of
Intel Wi-Fi 6E AX201 Firmware<22.30.0.11
Intel AX201 Firmware
All of
Intel AX200 Firmware<22.30.0.11
Intel AX200 Firmware
All of
Intel AC 9560 Firmware<22.30.0.11
Intel Wireless-AC 9560
All of
Intel PROSet AC 9462 Firmware<22.30.0.11
Intel ProSet AC 9462
All of
Intel PROSet AC 9461 Firmware<22.30.0.11
Intel ProSet AC 9461
All of
Intel ProSet AC 9260 Firmware<22.30.0.11
Intel PROSet Wireless for AC 9260
All of
Intel ProSet AC 8265 Firmware<20.70.21.2
Intel AC 8265 Firmware
All of
Intel ProSet Wireless Software and Drivers for Ac 8260<20.70.21.2
Intel PROSet AC 8260
All of
Intel AC3168 Firmware<19.51.33.1
Intel AC 3168 Firmware
All of
Intel AC 7265<19.51.33.1
Intel AC 7265 Firmware
All of
Intel PROSet/Wireless Software for Intel Dual Band Wireless-AC 3165<19.51.33.1
Intel AC 3165 Firmware
All of
Intel Killer Wi-Fi 6E AX1675 Firmware
Intel AX1675 Firmware
All of
Intel Killer Wi-Fi 6 AX1650 firmware
Intel AX1650 Firmware
All of
Intel AC 1550 Firmware
Intel Killer Wireless-ac 1550
debian/firmware-nonfree<=20210315-3
20230210-5
20241210-1
debian/linux
5.10.223-1
5.10.234-1
6.1.129-1
6.1.128-1
6.12.20-1
6.12.21-1

Remedy

Mitigation for this issue is either not available or the currently available options does not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

Frequently Asked Questions

  • What is the severity of CVE-2020-24586?

    CVE-2020-24586 is rated as a medium severity vulnerability.

  • How do I fix CVE-2020-24586?

    To fix CVE-2020-24586, update to the patched versions of the kernel provided by your distribution.

  • What systems are affected by CVE-2020-24586?

    CVE-2020-24586 affects various versions of the Linux kernel, including specific distributions like Red Hat and Debian.

  • Can CVE-2020-24586 lead to data exposure?

    Yes, CVE-2020-24586 can potentially lead to data exposure by unintentionally transmitting previous contents of WiFi fragments.

  • What is the impact of CVE-2020-24586?

    The impact of CVE-2020-24586 allows attackers in proximity to exploit the flaw and intercept data transmissions.

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203