CVE-2020-26144: Input Validation
First published: Tue May 11 2021(Updated: )
A flaw was found in the Linux kernel, where the WiFi implementations accept plaintext A-MSDU frames as long as the first 8 bytes correspond to a valid RFC1042 (ex., LLC/SNAP) header for EAPOL. The highest threat from this vulnerability is to integrity.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/kernel-rt | <0:4.18.0-348.rt7.130.el8 | 0:4.18.0-348.rt7.130.el8 |
| redhat/kernel | <0:4.18.0-348.el8 | 0:4.18.0-348.el8 |
| Samsung Galaxy I9305 Firmware | =4.4.4 | |
| Samsung Galaxy I9305 | ||
| Arista C-250 Firmware | <10.0.1-31 | |
| Arista C-250 | ||
| Arista C-260 Firmware | <10.0.1-31 | |
| Arista C-260 | ||
| Arista C-230 Firmware | <10.0.1-31 | |
| Arista C-230 | ||
| Arista C-235 Firmware | <10.0.1-31 | |
| Arista C-235 | ||
| Arista C-200 Firmware | <11.0.0-36 | |
| Arista C-200 | ||
| Arista C-120 Firmware | <11.0.0-36 | |
| Arista C-120 | ||
| Arista C-130 Firmware | <11.0.0-36 | |
| Arista C-130 | ||
| Arista C-100 Firmware | <11.0.0-36 | |
| Arista C-100 | ||
| Arista C-110 Firmware | <11.0.0-36 | |
| Arista C-110 | ||
| Arista O-105 Firmware | <11.0.0-36 | |
| Arista O-105 | ||
| Arista W-118 Firmware | <11.0.0-36 | |
| Arista W-118 | ||
| Arista C-75 Firmware | ||
| Arista C-75 | ||
| Arista O-90 Firmware | ||
| Arista O-90 | ||
| Arista C-65 Firmware | ||
| Arista C-65 | ||
| Arista W-68 Firmware | ||
| Arista W-68 | ||
| Siemens Scalance W700 Ieee 802.11ax Firmware | ||
| Siemens Scalance W700 Ieee 802.11ax | ||
| Siemens Scalance W700 Ieee 802.11n Firmware | ||
| Siemens SCALANCE W700 IEEE 802.11n |
Remedy
Mitigation for this issue is either not available or the currently available options does not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.openwall.com/lists/oss-security/2021/05/11/12
- https://cert-portal.siemens.com/productcert/pdf/ssa-913875.pdf
- https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.md
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wifi-faf-22epcEWu
- https://www.arista.com/en/support/advisories-notices/security-advisories/12602-security-advisory-63
- https://www.fragattacks.com
- https://lore.kernel.org/linux-wireless/20210511180259.159598-1-johannes@sipsolutions.net/
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1960499
- https://access.redhat.com/errata/RHSA-2021:4140
- https://access.redhat.com/errata/RHSA-2021:4356
- https://access.redhat.com/security/cve/cve-2020-26144
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1960498#c20
- https://bugzilla.redhat.com/show_bug.cgi?id=1960498
- https://www.cve.org/CVERecord?id=CVE-2020-26144 https://nvd.nist.gov/vuln/detail/CVE-2020-26144
Frequently Asked Questions
What is CVE-2020-26144?
CVE-2020-26144 is a vulnerability in the Linux kernel that allows an adversary to inject arbitrary network packets.
What is the severity of CVE-2020-26144?
The severity of CVE-2020-26144 is medium with a CVSS score of 6.5.
Which software versions are affected by CVE-2020-26144?
CVE-2020-26144 affects Samsung Galaxy S3 i9305 4.4.4 devices and certain versions of the Red Hat kernel and kernel-rt packages.
How can an adversary exploit CVE-2020-26144?
An adversary can exploit CVE-2020-26144 by sending plaintext A-MSDU frames with a valid RFC1042 header for EAPOL.
Where can I find more information about CVE-2020-26144?
You can find more information about CVE-2020-26144 in the provided references.
- collector/redhat-cve
- agent/type
- agent/first-publish-date
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2020-26144
- agent/last-modified-date
- agent/remedy
- agent/author
- agent/weakness
- agent/references
- agent/severity
- agent/event
- agent/description
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- package-manager/redhat
- vendor/samsung
- canonical/samsung galaxy i9305 firmware
- version/samsung galaxy i9305 firmware/4.4.4
- canonical/samsung galaxy i9305
- vendor/arista
- canonical/arista c-250 firmware
- canonical/arista c-250
- canonical/arista c-260 firmware
- canonical/arista c-260
- canonical/arista c-230 firmware
- canonical/arista c-230
- canonical/arista c-235 firmware
- canonical/arista c-235
- canonical/arista c-200 firmware
- canonical/arista c-200
- canonical/arista c-120 firmware
- canonical/arista c-120
- canonical/arista c-130 firmware
- canonical/arista c-130
- canonical/arista c-100 firmware
- canonical/arista c-100
- canonical/arista c-110 firmware
- canonical/arista c-110
- canonical/arista o-105 firmware
- canonical/arista o-105
- canonical/arista w-118 firmware
- canonical/arista w-118
- canonical/arista c-75 firmware
- canonical/arista c-75
- canonical/arista o-90 firmware
- canonical/arista o-90
- canonical/arista c-65 firmware
- canonical/arista c-65
- canonical/arista w-68 firmware
- canonical/arista w-68
- vendor/siemens
- canonical/siemens scalance w700 ieee 802.11ax firmware
- canonical/siemens scalance w700 ieee 802.11ax
- canonical/siemens scalance w700 ieee 802.11n firmware
- canonical/siemens scalance w700 ieee 802.11n