CVE-2020-24586 - log back

CVE-2020-24586 edited at 03 Jun 2021 14:09:13
References
https://www.openwall.com/lists/oss-security/2021/05/11/12
https://papers.mathyvanhoef.com/usenix2021.pdf
https://www.fragattacks.com/
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.12.9&id=94eebceb18e552c72b845055ca9d12c3debc0c99
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.12.9&id=3c47cee66b3887c259acb7b502596703c8459397
+ https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.10.42&id=42d98e02193d163c1523a8840a2effcc4c6eb111
+ https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.10.42&id=6abcc01e8b3b804a7f18721666d978f39470e30c
CVE-2020-24586 edited at 03 Jun 2021 13:08:02
Description
- A security issue has been found in the IEEE 802.11 implementation (mac80211) of the Linux kernel. The fragmentation cache is not cleared on reconnection.
+ The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that received fragments be cleared from memory after (re)connecting to a network. Under the right circumstances, when another device sends fragmented frames encrypted using WEP, CCMP, or GCMP, this can be abused to inject arbitrary network packets and/or exfiltrate user data.
CVE-2020-24586 edited at 03 Jun 2021 13:07:30
References
https://www.openwall.com/lists/oss-security/2021/05/11/12
https://papers.mathyvanhoef.com/usenix2021.pdf
https://www.fragattacks.com/
+ https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.12.9&id=94eebceb18e552c72b845055ca9d12c3debc0c99
+ https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.12.9&id=3c47cee66b3887c259acb7b502596703c8459397
- https://lore.kernel.org/linux-wireless/20210511180259.159598-1-johannes@sipsolutions.net/
- https://lore.kernel.org/linux-wireless/20210511200110.3f8290e59823.I622a67769ed39257327a362cfc09c812320eb979@changeid/
- https://lore.kernel.org/linux-wireless/20210511200110.037aa5ca0390.I7bb888e2965a0db02a67075fcb5deb50eb7408aa@changeid/
CVE-2020-24586 edited at 11 May 2021 18:57:38
Description
- A security issue has been found in the ath10k and ath11k wireless drivers of the Linux kernel. The fragmentation cache is not cleared on reconnection.
+ A security issue has been found in the IEEE 802.11 implementation (mac80211) of the Linux kernel. The fragmentation cache is not cleared on reconnection.
CVE-2020-24586 edited at 11 May 2021 18:54:07
References
https://www.openwall.com/lists/oss-security/2021/05/11/12
https://papers.mathyvanhoef.com/usenix2021.pdf
https://www.fragattacks.com/
https://lore.kernel.org/linux-wireless/20210511180259.159598-1-johannes@sipsolutions.net/
https://lore.kernel.org/linux-wireless/20210511200110.3f8290e59823.I622a67769ed39257327a362cfc09c812320eb979@changeid/
+ https://lore.kernel.org/linux-wireless/20210511200110.037aa5ca0390.I7bb888e2965a0db02a67075fcb5deb50eb7408aa@changeid/
CVE-2020-24586 edited at 11 May 2021 18:52:55
References
https://www.openwall.com/lists/oss-security/2021/05/11/12
https://papers.mathyvanhoef.com/usenix2021.pdf
https://www.fragattacks.com/
https://lore.kernel.org/linux-wireless/20210511180259.159598-1-johannes@sipsolutions.net/
+ https://lore.kernel.org/linux-wireless/20210511200110.3f8290e59823.I622a67769ed39257327a362cfc09c812320eb979@changeid/
CVE-2020-24586 edited at 11 May 2021 18:44:00
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Remote
Type
- Unknown
+ Information disclosure
Description
+ A security issue has been found in the ath10k and ath11k wireless drivers of the Linux kernel. The fragmentation cache is not cleared on reconnection.
References
+ https://www.openwall.com/lists/oss-security/2021/05/11/12
+ https://papers.mathyvanhoef.com/usenix2021.pdf
+ https://www.fragattacks.com/
+ https://lore.kernel.org/linux-wireless/20210511180259.159598-1-johannes@sipsolutions.net/
CVE-2020-24586 created at 11 May 2021 18:39:39
Severity
+ Unknown
Remote
+ Unknown
Type
+ Unknown
Description
References
Notes