CVE-2020-26145: Input Validation
First published: Tue May 11 2021(Updated: )
A flaw was found in ath10k_htt_rx_proc_rx_frag_ind_hl in drivers/net/wireless/ath/ath10k/htt_rx.c in the Linux kernel WiFi implementations, where it accepts a second (or subsequent) broadcast fragments even when sent in plaintext and then process them as full unfragmented frames. The highest threat from this vulnerability is to integrity.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/kernel-rt | <0:4.18.0-348.rt7.130.el8 | 0:4.18.0-348.rt7.130.el8 |
| redhat/kernel | <0:4.18.0-348.el8 | 0:4.18.0-348.el8 |
| redhat/Kernel | <5.13 | 5.13 |
| All of | ||
| Samsung Galaxy I9305 Firmware | =4.4.4 | |
| Samsung Galaxy I9305 | ||
| All of | ||
| Siemens 6gk5763-1al00-7da0 Firmware | <1.2 | |
| Siemens 6gk5763-1al00-7da0 | ||
| All of | ||
| Siemens 6gk5766-1ge00-7da0 Firmware | <1.2 | |
| Siemens 6gk5766-1ge00-7da0 | ||
| All of | ||
| Siemens 6gk5766-1ge00-7db0 Firmware | <1.2 | |
| Siemens 6gk5766-1ge00-7db0 | ||
| All of | ||
| Siemens 6gk5766-1je00-7da0 Firmware | <1.2 | |
| Siemens 6gk5766-1je00-7da0 | ||
| All of | ||
| Siemens 6gk5766-1ge00-7ta0 Firmware | <1.2 | |
| Siemens 6gk5766-1ge00-7ta0 | ||
| All of | ||
| Siemens 6gk5766-1ge00-7tb0 Firmware | <1.2 | |
| Siemens 6gk5766-1ge00-7tb0 | ||
| All of | ||
| Siemens 6gk5766-1je00-7ta0 Firmware | <1.2 | |
| Siemens 6gk5766-1je00-7ta0 | ||
| All of | ||
| Siemens 6gk5763-1al00-3aa0 Firmware | <1.2 | |
| Siemens 6gk5763-1al00-3aa0 | ||
| All of | ||
| Siemens 6gk5763-1al00-3da0 Firmware | <1.2 | |
| Siemens 6gk5763-1al00-3da0 | ||
| All of | ||
| Siemens 6gk5766-1ge00-3da0 Firmware | <1.2 | |
| Siemens 6gk5766-1ge00-3da0 | ||
| All of | ||
| Siemens 6gk5766-1ge00-3db0 Firmware | <1.2 | |
| Siemens 6gk5766-1ge00-3db0 | ||
| All of | ||
| Siemens 6gk5766-1je00-3da0 Firmware | <1.2 | |
| Siemens 6gk5766-1je00-3da0 | ||
| Samsung Galaxy I9305 Firmware | =4.4.4 | |
| Samsung Galaxy I9305 | ||
| Siemens 6gk5763-1al00-7da0 Firmware | <1.2 | |
| Siemens 6gk5763-1al00-7da0 | ||
| Siemens 6gk5766-1ge00-7da0 Firmware | <1.2 | |
| Siemens 6gk5766-1ge00-7da0 | ||
| Siemens 6gk5766-1ge00-7db0 Firmware | <1.2 | |
| Siemens 6gk5766-1ge00-7db0 | ||
| Siemens 6gk5766-1je00-7da0 Firmware | <1.2 | |
| Siemens 6gk5766-1je00-7da0 | ||
| Siemens 6gk5766-1ge00-7ta0 Firmware | <1.2 | |
| Siemens 6gk5766-1ge00-7ta0 | ||
| Siemens 6gk5766-1ge00-7tb0 Firmware | <1.2 | |
| Siemens 6gk5766-1ge00-7tb0 | ||
| Siemens 6gk5766-1je00-7ta0 Firmware | <1.2 | |
| Siemens 6gk5766-1je00-7ta0 | ||
| Siemens 6gk5763-1al00-3aa0 Firmware | <1.2 | |
| Siemens 6gk5763-1al00-3aa0 | ||
| Siemens 6gk5763-1al00-3da0 Firmware | <1.2 | |
| Siemens 6gk5763-1al00-3da0 | ||
| Siemens 6gk5766-1ge00-3da0 Firmware | <1.2 | |
| Siemens 6gk5766-1ge00-3da0 | ||
| Siemens 6gk5766-1ge00-3db0 Firmware | <1.2 | |
| Siemens 6gk5766-1ge00-3db0 | ||
| Siemens 6gk5766-1je00-3da0 Firmware | <1.2 | |
| Siemens 6gk5766-1je00-3da0 | ||
| Google Android | ||
| debian/linux | 5.10.223-1 5.10.226-1 6.1.106-3 6.1.112-1 6.11.4-1 6.11.5-1 |
Remedy
Mitigation for this issue is either not available or the currently available options does not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.cve.org/CVERecord?id=CVE-2020-26145 https://nvd.nist.gov/vuln/detail/CVE-2020-26145 https://lore.kernel.org/linux-wireless/20210511200110.9ca6ca7945a9.I1e18b514590af17c155bda86699bc3a971a8dcf4@changeid/
- https://bugzilla.redhat.com/show_bug.cgi?id=1960500
- https://access.redhat.com/errata/RHSA-2021:4140
- https://access.redhat.com/errata/RHSA-2021:4356
- https://access.redhat.com/security/cve/cve-2020-26145
- https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.md
- https://www.fragattacks.com
- http://www.openwall.com/lists/oss-security/2021/05/11/12
- https://cert-portal.siemens.com/productcert/pdf/ssa-913875.pdf
- https://launchpad.net/bugs/cve/CVE-2020-26145
- https://lore.kernel.org/linux-wireless/20210511180259.159598-1-johannes@sipsolutions.net/
- https://lore.kernel.org/linux-wireless/20210511200110.9ca6ca7945a9.I1e18b514590af17c155bda86699bc3a971a8dcf4@changeid/
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1960501
- https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=f2f94c79478dbdc16c81432d59ae299493ee76a9
- https://source.android.com/docs/security/bulletin/2021-10-01/#asterisk
- https://source.codeaurora.org/quic/qsdk/platform/vendor/qcom-opensource/wlan/qca-wifi-host-cmn/commit/?id=99d4698bc9bd177e4c4dd5ce45715d7ff8e91b09
- https://source.android.com/docs/security/bulletin/2021-10-01 (Advisory)
- https://papers.mathyvanhoef.com/usenix2021.pdf
- https://www.fragattacks.com/
- https://lore.kernel.org/linux-wireless/20210511200110.5a0bd289bda8.Idd6ebea20038fb1cfee6de924aa595e5647c9eae@changeid/
- https://security-tracker.debian.org/tracker/CVE-2020-26145
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26145
- https://nvd.nist.gov/vuln/detail/CVE-2020-26145
- https://ubuntu.com/security/CVE-2020-26145
- collector/redhat-cve
- agent/type
- agent/first-publish-date
- collector/launchpad-cve
- source/Launchpad
- agent/author
- agent/weakness
- agent/severity
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2020-26145
- agent/software-canonical-lookup
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup-request
- collector/nvd-index
- collector/android-source
- source/Android
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- collector/usn-cve
- source/Ubuntu
- collector/security-tracker-debian
- source/Debian
- agent/remedy
- agent/references
- agent/softwarecombine
- agent/tags
- agent/description
- agent/event
- package-manager/redhat
- vendor/samsung
- canonical/samsung galaxy i9305 firmware
- version/samsung galaxy i9305 firmware/4.4.4
- canonical/samsung galaxy i9305
- vendor/siemens
- canonical/siemens 6gk5763-1al00-7da0 firmware
- canonical/siemens 6gk5763-1al00-7da0
- canonical/siemens 6gk5766-1ge00-7da0 firmware
- canonical/siemens 6gk5766-1ge00-7da0
- canonical/siemens 6gk5766-1ge00-7db0 firmware
- canonical/siemens 6gk5766-1ge00-7db0
- canonical/siemens 6gk5766-1je00-7da0 firmware
- canonical/siemens 6gk5766-1je00-7da0
- canonical/siemens 6gk5766-1ge00-7ta0 firmware
- canonical/siemens 6gk5766-1ge00-7ta0
- canonical/siemens 6gk5766-1ge00-7tb0 firmware
- canonical/siemens 6gk5766-1ge00-7tb0
- canonical/siemens 6gk5766-1je00-7ta0 firmware
- canonical/siemens 6gk5766-1je00-7ta0
- canonical/siemens 6gk5763-1al00-3aa0 firmware
- canonical/siemens 6gk5763-1al00-3aa0
- canonical/siemens 6gk5763-1al00-3da0 firmware
- canonical/siemens 6gk5763-1al00-3da0
- canonical/siemens 6gk5766-1ge00-3da0 firmware
- canonical/siemens 6gk5766-1ge00-3da0
- canonical/siemens 6gk5766-1ge00-3db0 firmware
- canonical/siemens 6gk5766-1ge00-3db0
- canonical/siemens 6gk5766-1je00-3da0 firmware
- canonical/siemens 6gk5766-1je00-3da0
- vendor/google
- canonical/google android
- package-manager/debian