CVE-2020-26144: Input Validation

Reference Links

• http://www.openwall.com/lists/oss-security/2021/05/11/12
• https://cert-portal.siemens.com/productcert/pdf/ssa-913875.pdf
• https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.md
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wifi-faf-22epcEWu
• https://www.arista.com/en/support/advisories-notices/security-advisories/12602-security-advisory-63
• https://www.fragattacks.com
• https://lore.kernel.org/linux-wireless/20210511180259.159598-1-johannes@sipsolutions.net/
• https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1960499
• https://access.redhat.com/errata/RHSA-2021:4140
• https://access.redhat.com/errata/RHSA-2021:4356
• https://access.redhat.com/security/cve/cve-2020-26144
• https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1960498#c20
• https://bugzilla.redhat.com/show_bug.cgi?id=1960498
• https://www.cve.org/CVERecord?id=CVE-2020-26144 https://nvd.nist.gov/vuln/detail/CVE-2020-26144

Parent vulnerabilities

(Appears in the following advisories)

• RHSA-2021:4140
• RHSA-2021:4356

Frequently Asked Questions

• What is CVE-2020-26144?

  CVE-2020-26144 is a vulnerability in the Linux kernel that allows an adversary to inject arbitrary network packets.

• What is the severity of CVE-2020-26144?

  The severity of CVE-2020-26144 is medium with a CVSS score of 6.5.

• Which software versions are affected by CVE-2020-26144?

  CVE-2020-26144 affects Samsung Galaxy S3 i9305 4.4.4 devices and certain versions of the Red Hat kernel and kernel-rt packages.

• How can an adversary exploit CVE-2020-26144?

  An adversary can exploit CVE-2020-26144 by sending plaintext A-MSDU frames with a valid RFC1042 header for EAPOL.

• Where can I find more information about CVE-2020-26144?

  You can find more information about CVE-2020-26144 in the provided references.