CVE-2020-24587 - log

CVE-2020-24587 edited at 03 Jun 2021 14:10:11
References
https://www.openwall.com/lists/oss-security/2021/05/11/12
https://papers.mathyvanhoef.com/usenix2021.pdf
https://www.fragattacks.com/
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.12.9&id=94eebceb18e552c72b845055ca9d12c3debc0c99
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.12.9&id=3c47cee66b3887c259acb7b502596703c8459397
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.12.9&id=063aa9df5ae99e0c9a7a5a76b9b836897de4a048
+ https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.10.42&id=42d98e02193d163c1523a8840a2effcc4c6eb111
+ https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.10.42&id=6abcc01e8b3b804a7f18721666d978f39470e30c
+ https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.10.42&id=cc5d84b1b07d5239c2ca591cab3e3e4e7b0384e4
CVE-2020-24587 edited at 03 Jun 2021 13:23:58
Description
- A security issue has been found in the IEEE 802.11 implementation (mac80211) of the Linux kernel. Reassembling fragments are encrypted under different keys.
+ The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that all fragments of a frame are encrypted under the same key. An adversary can abuse this to decrypt selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP encryption key is periodically renewed.
References
https://www.openwall.com/lists/oss-security/2021/05/11/12
https://papers.mathyvanhoef.com/usenix2021.pdf
https://www.fragattacks.com/
+ https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.12.9&id=94eebceb18e552c72b845055ca9d12c3debc0c99
+ https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.12.9&id=3c47cee66b3887c259acb7b502596703c8459397
+ https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.12.9&id=063aa9df5ae99e0c9a7a5a76b9b836897de4a048
- https://lore.kernel.org/linux-wireless/20210511180259.159598-1-johannes@sipsolutions.net/
- https://lore.kernel.org/linux-wireless/20210511200110.3f8290e59823.I622a67769ed39257327a362cfc09c812320eb979@changeid/
- https://lore.kernel.org/linux-wireless/20210511200110.037aa5ca0390.I7bb888e2965a0db02a67075fcb5deb50eb7408aa@changeid/
- https://lore.kernel.org/linux-wireless/20210511200110.218dc777836f.I9af6fc76215a35936c4152552018afb5079c5d8c@changeid/
CVE-2020-24587 edited at 11 May 2021 18:57:53
Description
- A security issue has been found in the ath10k and ath11k wireless drivers of the Linux kernel. Reassembling fragments are encrypted under different keys.
+ A security issue has been found in the IEEE 802.11 implementation (mac80211) of the Linux kernel. Reassembling fragments are encrypted under different keys.
CVE-2020-24587 edited at 11 May 2021 18:56:15
References
https://www.openwall.com/lists/oss-security/2021/05/11/12
https://papers.mathyvanhoef.com/usenix2021.pdf
https://www.fragattacks.com/
https://lore.kernel.org/linux-wireless/20210511180259.159598-1-johannes@sipsolutions.net/
https://lore.kernel.org/linux-wireless/20210511200110.3f8290e59823.I622a67769ed39257327a362cfc09c812320eb979@changeid/
https://lore.kernel.org/linux-wireless/20210511200110.037aa5ca0390.I7bb888e2965a0db02a67075fcb5deb50eb7408aa@changeid/
+ https://lore.kernel.org/linux-wireless/20210511200110.218dc777836f.I9af6fc76215a35936c4152552018afb5079c5d8c@changeid/
CVE-2020-24587 edited at 11 May 2021 18:54:14
References
https://www.openwall.com/lists/oss-security/2021/05/11/12
https://papers.mathyvanhoef.com/usenix2021.pdf
https://www.fragattacks.com/
https://lore.kernel.org/linux-wireless/20210511180259.159598-1-johannes@sipsolutions.net/
https://lore.kernel.org/linux-wireless/20210511200110.3f8290e59823.I622a67769ed39257327a362cfc09c812320eb979@changeid/
+ https://lore.kernel.org/linux-wireless/20210511200110.037aa5ca0390.I7bb888e2965a0db02a67075fcb5deb50eb7408aa@changeid/
CVE-2020-24587 edited at 11 May 2021 18:52:43
References
https://www.openwall.com/lists/oss-security/2021/05/11/12
https://papers.mathyvanhoef.com/usenix2021.pdf
https://www.fragattacks.com/
https://lore.kernel.org/linux-wireless/20210511180259.159598-1-johannes@sipsolutions.net/
+ https://lore.kernel.org/linux-wireless/20210511200110.3f8290e59823.I622a67769ed39257327a362cfc09c812320eb979@changeid/
CVE-2020-24587 edited at 11 May 2021 18:44:33
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Remote
Type
- Unknown
+ Information disclosure
Description
+ A security issue has been found in the ath10k and ath11k wireless drivers of the Linux kernel. Reassembling fragments are encrypted under different keys.
References
+ https://www.openwall.com/lists/oss-security/2021/05/11/12
+ https://papers.mathyvanhoef.com/usenix2021.pdf
+ https://www.fragattacks.com/
+ https://lore.kernel.org/linux-wireless/20210511180259.159598-1-johannes@sipsolutions.net/
CVE-2020-24587 created at 11 May 2021 18:39:39
Severity
+ Unknown
Remote
+ Unknown
Type
+ Unknown
Description
References
Notes