CVE-2020-26145: Input Validation
First published: Tue May 11 2021(Updated: )
A flaw was found in ath10k_htt_rx_proc_rx_frag_ind_hl in drivers/net/wireless/ath/ath10k/htt_rx.c in the Linux kernel WiFi implementations, where it accepts a second (or subsequent) broadcast fragments even when sent in plaintext and then process them as full unfragmented frames. The highest threat from this vulnerability is to integrity.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/kernel-rt | <0:4.18.0-348.rt7.130.el8 | 0:4.18.0-348.rt7.130.el8 |
| redhat/kernel | <0:4.18.0-348.el8 | 0:4.18.0-348.el8 |
| redhat/Kernel | <5.13 | 5.13 |
| debian/linux | 5.10.223-1 5.10.226-1 6.1.123-1 6.1.128-1 6.12.12-1 6.12.13-1 | |
| All of | ||
| Samsung Galaxy i9305 Firmware | =4.4.4 | |
| Samsung Galaxy i9305 | ||
| All of | ||
| Siemens 6GK5763-1AL00-7DA0 | <1.2 | |
| siemens 6gk5763-1al00-7da0 firmware | ||
| All of | ||
| Siemens 6GK5766-1GE00-7DA0 Firmware | <1.2 | |
| Siemens 6GK5766-1GE00-7DA0 Firmware | ||
| All of | ||
| Siemens 6GK5766-1GE00-7DB0 | <1.2 | |
| Siemens 6GK5766-1GE00-7DA0 Firmware | ||
| All of | ||
| Siemens 6GK5766-1JE00-7DA0 Firmware | <1.2 | |
| Siemens 6GK5766-1JE00-7DA0 Firmware | ||
| All of | ||
| Siemens 6GK5766-1GE00-7TA0 | <1.2 | |
| Siemens 6GK5766-1GE00-7TA0 Firmware | ||
| All of | ||
| siemens 6gk5766-1ge00-7tb0 firmware | <1.2 | |
| Siemens 6GK5766-1GE00-7TB0 | ||
| All of | ||
| Siemens 6GK5766-1JE00-7TA0 | <1.2 | |
| Siemens 6GK5766-1JE00-7TA0 Firmware | ||
| All of | ||
| Siemens 6GK5763-1AL00-3AA0 | <1.2 | |
| Siemens 6GK5763-1AL00-3AA0 Firmware | ||
| All of | ||
| Siemens 6GK5763-1AL00-3DA0 | <1.2 | |
| Siemens SCALANCE WUM763-1 | ||
| All of | ||
| siemens 6gk5766-1ge00-3da0 firmware | <1.2 | |
| Siemens 6GK5766-1GE00-3DA0 | ||
| All of | ||
| Siemens 6GK5766-1GE00-3DB0 | <1.2 | |
| Siemens 6GK5766-1GE00-3DB0 | ||
| All of | ||
| Siemens 6GK5766-1JE00-7DA0 Firmware | <1.2 | |
| Siemens 6GK5766-1JE00-3DA0 Firmware | ||
| Samsung Galaxy i9305 Firmware | =4.4.4 | |
| Samsung Galaxy i9305 | ||
| Siemens 6GK5763-1AL00-7DA0 | <1.2 | |
| siemens 6gk5763-1al00-7da0 firmware | ||
| Siemens 6GK5766-1GE00-7DA0 Firmware | <1.2 | |
| Siemens 6GK5766-1GE00-7DA0 Firmware | ||
| Siemens 6GK5766-1GE00-7DB0 | <1.2 | |
| Siemens 6GK5766-1GE00-7DA0 Firmware | ||
| Siemens 6GK5766-1JE00-7DA0 Firmware | <1.2 | |
| Siemens 6GK5766-1JE00-7DA0 Firmware | ||
| Siemens 6GK5766-1GE00-7TA0 | <1.2 | |
| Siemens 6GK5766-1GE00-7TA0 Firmware | ||
| siemens 6gk5766-1ge00-7tb0 firmware | <1.2 | |
| Siemens 6GK5766-1GE00-7TB0 | ||
| Siemens 6GK5766-1JE00-7TA0 | <1.2 | |
| Siemens 6GK5766-1JE00-7TA0 Firmware | ||
| Siemens 6GK5763-1AL00-3AA0 | <1.2 | |
| Siemens 6GK5763-1AL00-3AA0 Firmware | ||
| Siemens 6GK5763-1AL00-3DA0 | <1.2 | |
| Siemens SCALANCE WUM763-1 | ||
| siemens 6gk5766-1ge00-3da0 firmware | <1.2 | |
| Siemens 6GK5766-1GE00-3DA0 | ||
| Siemens 6GK5766-1GE00-3DB0 | <1.2 | |
| Siemens 6GK5766-1GE00-3DB0 | ||
| Siemens 6GK5766-1JE00-7DA0 Firmware | <1.2 | |
| Siemens 6GK5766-1JE00-3DA0 Firmware | ||
| Android |
Remedy
Mitigation for this issue is either not available or the currently available options does not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.cve.org/CVERecord?id=CVE-2020-26145 https://nvd.nist.gov/vuln/detail/CVE-2020-26145 https://lore.kernel.org/linux-wireless/20210511200110.9ca6ca7945a9.I1e18b514590af17c155bda86699bc3a971a8dcf4@changeid/
- https://bugzilla.redhat.com/show_bug.cgi?id=1960500
- https://access.redhat.com/errata/RHSA-2021:4140
- https://access.redhat.com/errata/RHSA-2021:4356
- https://access.redhat.com/security/cve/cve-2020-26145
- https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.md
- https://www.fragattacks.com
- http://www.openwall.com/lists/oss-security/2021/05/11/12
- https://cert-portal.siemens.com/productcert/pdf/ssa-913875.pdf
- https://launchpad.net/bugs/cve/CVE-2020-26145
- https://lore.kernel.org/linux-wireless/20210511180259.159598-1-johannes@sipsolutions.net/
- https://lore.kernel.org/linux-wireless/20210511200110.9ca6ca7945a9.I1e18b514590af17c155bda86699bc3a971a8dcf4@changeid/
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1960501
- https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=f2f94c79478dbdc16c81432d59ae299493ee76a9
- https://source.android.com/docs/security/bulletin/2021-10-01/#asterisk
- https://source.codeaurora.org/quic/qsdk/platform/vendor/qcom-opensource/wlan/qca-wifi-host-cmn/commit/?id=99d4698bc9bd177e4c4dd5ce45715d7ff8e91b09
- https://source.android.com/docs/security/bulletin/2021-10-01 (Advisory)
- https://papers.mathyvanhoef.com/usenix2021.pdf
- https://www.fragattacks.com/
- https://lore.kernel.org/linux-wireless/20210511200110.5a0bd289bda8.Idd6ebea20038fb1cfee6de924aa595e5647c9eae@changeid/
- https://security-tracker.debian.org/tracker/CVE-2020-26145
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26145
- https://nvd.nist.gov/vuln/detail/CVE-2020-26145
- https://ubuntu.com/security/CVE-2020-26145
Frequently Asked Questions
What is the severity of CVE-2020-26145?
CVE-2020-26145 has a high severity rating due to its potential to allow attackers to exploit the wireless stack in affected systems.
How do I fix CVE-2020-26145?
To fix CVE-2020-26145, update your Linux kernel to the recommended versions such as 0:4.18.0-348.el8 or later versions provided by your distribution.
Which software is affected by CVE-2020-26145?
CVE-2020-26145 affects multiple systems including Red Hat kernels, Google Android, and specific Siemens firmware.
What types of attacks are possible due to CVE-2020-26145?
Exploitation of CVE-2020-26145 could lead to denial of service or unauthorized access through manipulated wireless frames.
Are there any mitigations for CVE-2020-26145?
Employing network segmentation and monitoring can help mitigate the risks associated with CVE-2020-26145 until systems can be updated.
- collector/redhat-cve
- agent/type
- agent/first-publish-date
- collector/launchpad-cve
- source/Launchpad
- agent/weakness
- agent/severity
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2020-26145
- agent/software-canonical-lookup
- collector/mitre-cve
- source/MITRE
- agent/remedy
- agent/references
- collector/usn-cve
- source/Ubuntu
- agent/description
- agent/event
- agent/last-modified-date
- agent/trending
- agent/source
- agent/author
- collector/security-tracker-debian
- source/Debian
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup-request
- collector/nvd-index
- agent/tags
- agent/softwarecombine
- collector/android-source
- source/Android
- package-manager/redhat
- package-manager/debian
- vendor/samsung
- canonical/samsung galaxy i9305 firmware
- version/samsung galaxy i9305 firmware/4.4.4
- canonical/samsung galaxy i9305
- vendor/siemens
- canonical/siemens 6gk5763-1al00-7da0
- canonical/siemens 6gk5763-1al00-7da0 firmware
- canonical/siemens 6gk5766-1ge00-7da0 firmware
- canonical/siemens 6gk5766-1ge00-7db0
- canonical/siemens 6gk5766-1je00-7da0 firmware
- canonical/siemens 6gk5766-1ge00-7ta0
- canonical/siemens 6gk5766-1ge00-7ta0 firmware
- canonical/siemens 6gk5766-1ge00-7tb0 firmware
- canonical/siemens 6gk5766-1ge00-7tb0
- canonical/siemens 6gk5766-1je00-7ta0
- canonical/siemens 6gk5766-1je00-7ta0 firmware
- canonical/siemens 6gk5763-1al00-3aa0
- canonical/siemens 6gk5763-1al00-3aa0 firmware
- canonical/siemens 6gk5763-1al00-3da0
- canonical/siemens scalance wum763-1
- canonical/siemens 6gk5766-1ge00-3da0 firmware
- canonical/siemens 6gk5766-1ge00-3da0
- canonical/siemens 6gk5766-1ge00-3db0
- canonical/siemens 6gk5766-1je00-3da0 firmware
- vendor/google
- canonical/android