CVE-2020-26147 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	Medium
Remote	Yes
Type	Insufficient validation
Description	An issue was discovered in the Linux kernel before version 5.12.9. The WEP, WPA, WPA2, and WPA3 implementations reassemble fragments even though some of them were sent in plaintext. This vulnerability can be abused to inject packets and/or exfiltrate selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP data-confidentiality protocol is used.

Group	Package	Affected	Fixed	Severity	Status
AVG-2034	linux-lts	5.10.41-1	5.10.42-1	Medium	Fixed
AVG-2033	linux-hardened	5.12.7.hardened1-1	5.12.9.hardened1-1	Medium	Fixed
AVG-2032	linux-zen	5.12.8.zen1-1	5.12.9.zen1-1	Medium	Fixed
AVG-2031	linux	5.12.8.arch1-1	5.12.9.arch1-1	Medium	Fixed

References
https://www.openwall.com/lists/oss-security/2021/05/11/12 https://papers.mathyvanhoef.com/usenix2021.pdf https://www.fragattacks.com/ https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.12.9&id=083ecdde0e861bed1189be90d83b0297f4135e78 https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.10.42&id=f7829b014bb670a77f6f66d265b058534367d04b

References

https://www.openwall.com/lists/oss-security/2021/05/11/12
https://papers.mathyvanhoef.com/usenix2021.pdf
https://www.fragattacks.com/
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.12.9&id=083ecdde0e861bed1189be90d83b0297f4135e78
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.10.42&id=f7829b014bb670a77f6f66d265b058534367d04b