First published: Tue May 11 2021
A flaw was found in the Linux kernel, where the WiFi implementations accept plaintext A-MSDU frames as long as the first 8 bytes correspond to a valid RFC1042 (i.e., LLC/SNAP) header for EAPOL. The highest threat from this vulnerability is to integrity.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/kernel-rt | <0:4.18.0-348.rt7.130.el8 | 0:4.18.0-348.rt7.130.el8 |
redhat/kernel | <0:4.18.0-348.el8 | 0:4.18.0-348.el8 |
Samsung Galaxy I9305 Firmware | =4.4.4 | |
Samsung Galaxy I9305 | | |
Arista C-250 Firmware | <10.0.1-31 | |
Arista C-250 | | |
Arista C-260 Firmware | <10.0.1-31 | |
Arista C-260 | | |
Arista C-230 Firmware | <10.0.1-31 | |
Arista C-230 | | |
Arista C-235 Firmware | <10.0.1-31 | |
Arista C-235 | | |
Arista C-200 Firmware | <11.0.0-36 | |
Arista C-200 | | |
Arista C-120 Firmware | <11.0.0-36 | |
Arista C-120 | | |
Arista C-130 Firmware | <11.0.0-36 | |
Arista C-130 | | |
Arista C-100 Firmware | <11.0.0-36 | |
Arista C-100 | | |
Arista C-110 Firmware | <11.0.0-36 | |
Arista C-110 | | |
Arista O-105 Firmware | <11.0.0-36 | |
Arista O-105 | | |
Arista W-118 Firmware | <11.0.0-36 | |
Arista W-118 | | |
Arista C-75 Firmware | | |
Arista C-75 | | |
Arista O-90 Firmware | | |
Arista O-90 | | |
Arista C-65 Firmware | | |
Arista C-65 | | |
Arista W-68 Firmware | | |
Arista W-68 | | |
Siemens SCALANCE W700 IEEE 802.11ax Firmware | | |
Siemens SCALANCE W700 IEEE 802.11ax | | |
Siemens SCALANCE W700 IEEE 802.11n Firmware | | |
Siemens SCALANCE W700 IEEE 802.11n | | |
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to a widespread installation base, or stability.
CVE-2020-26144 is a vulnerability in the Linux kernel that allows an adversary to inject arbitrary network packets.
The severity of CVE-2020-26144 is medium with a CVSS score of 6.5.
CVE-2020-26144 affects Samsung Galaxy S3 i9305 4.4.4 devices and certain versions of the Red Hat kernel and kernel-rt packages.
An adversary can exploit CVE-2020-26144 by sending plaintext A-MSDU frames with a valid RFC1042 header for EAPOL.