CWE
20 290
Advisory Published
CVE Published
Updated

CVE-2020-26144: Input Validation

First published: Tue May 11 2021(Updated: )

A flaw was found in the Linux kernel, where the WiFi implementations accept plaintext A-MSDU frames as long as the first 8 bytes correspond to a valid RFC1042 (ex., LLC/SNAP) header for EAPOL. The highest threat from this vulnerability is to integrity.

Credit: cve@mitre.org

Affected SoftwareAffected VersionHow to fix
redhat/kernel-rt<0:4.18.0-348.rt7.130.el8
0:4.18.0-348.rt7.130.el8
redhat/kernel<0:4.18.0-348.el8
0:4.18.0-348.el8
Samsung Galaxy I9305 Firmware=4.4.4
Samsung Galaxy I9305
Arista C-250 Firmware<10.0.1-31
Arista C-250
Arista C-260 Firmware<10.0.1-31
Arista C-260
Arista C-230 Firmware<10.0.1-31
Arista C-230
Arista C-235 Firmware<10.0.1-31
Arista C-235
Arista C-200 Firmware<11.0.0-36
Arista C-200
Arista C-120 Firmware<11.0.0-36
Arista C-120
Arista C-130 Firmware<11.0.0-36
Arista C-130
Arista C-100 Firmware<11.0.0-36
Arista C-100
Arista C-110 Firmware<11.0.0-36
Arista C-110
Arista O-105 Firmware<11.0.0-36
Arista O-105
Arista W-118 Firmware<11.0.0-36
Arista W-118
Arista C-75 Firmware
Arista C-75
Arista O-90 Firmware
Arista O-90
Arista C-65 Firmware
Arista C-65
Arista W-68 Firmware
Arista W-68
Siemens Scalance W700 Ieee 802.11ax Firmware
Siemens Scalance W700 Ieee 802.11ax
Siemens Scalance W700 Ieee 802.11n Firmware
Siemens SCALANCE W700 IEEE 802.11n

Remedy

Mitigation for this issue is either not available or the currently available options does not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Parent vulnerabilities

(Appears in the following advisories)

Frequently Asked Questions

  • What is CVE-2020-26144?

    CVE-2020-26144 is a vulnerability in the Linux kernel that allows an adversary to inject arbitrary network packets.

  • What is the severity of CVE-2020-26144?

    The severity of CVE-2020-26144 is medium with a CVSS score of 6.5.

  • Which software versions are affected by CVE-2020-26144?

    CVE-2020-26144 affects Samsung Galaxy S3 i9305 4.4.4 devices and certain versions of the Red Hat kernel and kernel-rt packages.

  • How can an adversary exploit CVE-2020-26144?

    An adversary can exploit CVE-2020-26144 by sending plaintext A-MSDU frames with a valid RFC1042 header for EAPOL.

  • Where can I find more information about CVE-2020-26144?

    You can find more information about CVE-2020-26144 in the provided references.

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203