CVE-2020-24588 log

Source
Severity Medium
Remote Yes
Type Insufficient validation
Description
The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that the A-MSDU flag in the plaintext QoS header field is authenticated. Against devices that support receiving non-SSP A-MSDU frames (which is mandatory as part of 802.11n), an adversary can abuse this to inject arbitrary network packets.
Group Package Affected Fixed Severity Status Ticket
AVG-2034 linux-lts 5.10.41-1 5.10.42-1 Medium Fixed
AVG-2033 linux-hardened 5.12.7.hardened1-1 5.12.9.hardened1-1 Medium Fixed
AVG-2032 linux-zen 5.12.8.zen1-1 5.12.9.zen1-1 Medium Fixed
AVG-2031 linux 5.12.8.arch1-1 5.12.9.arch1-1 Medium Fixed
References
https://www.openwall.com/lists/oss-security/2021/05/11/12
https://papers.mathyvanhoef.com/usenix2021.pdf
https://www.fragattacks.com/
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.12.9&id=6eec99250f3a0763de58a7ef9ffca53e137356db
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.12.9&id=6433f0051b2950acbb4ec2faae6fc98b33eb642e
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.10.42&id=c730d72aa6e85a71ee74530d601d4d894d791b43
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.10.42&id=c4d5271830c606af4a6803b645af30e79e2a5e8b