CVE-2020-24588 - log back

CVE-2020-24588 edited at 03 Jun 2021 14:10:51
References
https://www.openwall.com/lists/oss-security/2021/05/11/12
https://papers.mathyvanhoef.com/usenix2021.pdf
https://www.fragattacks.com/
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.12.9&id=6eec99250f3a0763de58a7ef9ffca53e137356db
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.12.9&id=6433f0051b2950acbb4ec2faae6fc98b33eb642e
+ https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.10.42&id=c730d72aa6e85a71ee74530d601d4d894d791b43
+ https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.10.42&id=c4d5271830c606af4a6803b645af30e79e2a5e8b
CVE-2020-24588 edited at 03 Jun 2021 13:25:44
Description
- A security issue has been found in the IEEE 802.11 implementation (mac80211) of the Linux kernel. It accepts non-SPP A-MSDU frames, which leads to payload being parsed as an L2 frame under an A-MSDU bit toggling attack.
+ The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that the A-MSDU flag in the plaintext QoS header field is authenticated. Against devices that support receiving non-SSP A-MSDU frames (which is mandatory as part of 802.11n), an adversary can abuse this to inject arbitrary network packets.
References
https://www.openwall.com/lists/oss-security/2021/05/11/12
https://papers.mathyvanhoef.com/usenix2021.pdf
https://www.fragattacks.com/
+ https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.12.9&id=6eec99250f3a0763de58a7ef9ffca53e137356db
+ https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.12.9&id=6433f0051b2950acbb4ec2faae6fc98b33eb642e
- https://lore.kernel.org/linux-wireless/20210511180259.159598-1-johannes@sipsolutions.net/
- https://lore.kernel.org/linux-wireless/20210511200110.25d93176ddaf.I9e265b597f2cd23eb44573f35b625947b386a9de@changeid/
- https://lore.kernel.org/linux-wireless/20210511200110.11968c725b5c.Idd166365ebea2771c0c0a38c78b5060750f90e17@changeid/
CVE-2020-24588 edited at 11 May 2021 18:58:00
Description
- A security issue has been found in the ath10k and ath11k wireless drivers of the Linux kernel. It accepts non-SPP A-MSDU frames, which leads to payload being parsed as an L2 frame under an A-MSDU bit toggling attack.
+ A security issue has been found in the IEEE 802.11 implementation (mac80211) of the Linux kernel. It accepts non-SPP A-MSDU frames, which leads to payload being parsed as an L2 frame under an A-MSDU bit toggling attack.
CVE-2020-24588 edited at 11 May 2021 18:55:27
References
https://www.openwall.com/lists/oss-security/2021/05/11/12
https://papers.mathyvanhoef.com/usenix2021.pdf
https://www.fragattacks.com/
https://lore.kernel.org/linux-wireless/20210511180259.159598-1-johannes@sipsolutions.net/
https://lore.kernel.org/linux-wireless/20210511200110.25d93176ddaf.I9e265b597f2cd23eb44573f35b625947b386a9de@changeid/
+ https://lore.kernel.org/linux-wireless/20210511200110.11968c725b5c.Idd166365ebea2771c0c0a38c78b5060750f90e17@changeid/
CVE-2020-24588 edited at 11 May 2021 18:53:15
References
https://www.openwall.com/lists/oss-security/2021/05/11/12
https://papers.mathyvanhoef.com/usenix2021.pdf
https://www.fragattacks.com/
https://lore.kernel.org/linux-wireless/20210511180259.159598-1-johannes@sipsolutions.net/
+ https://lore.kernel.org/linux-wireless/20210511200110.25d93176ddaf.I9e265b597f2cd23eb44573f35b625947b386a9de@changeid/
CVE-2020-24588 edited at 11 May 2021 18:51:14
Type
- Incorrect calculation
+ Insufficient validation
References
https://www.openwall.com/lists/oss-security/2021/05/11/12
https://papers.mathyvanhoef.com/usenix2021.pdf
https://www.fragattacks.com/
https://lore.kernel.org/linux-wireless/20210511180259.159598-1-johannes@sipsolutions.net/
CVE-2020-24588 edited at 11 May 2021 18:45:46
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Remote
Type
- Unknown
+ Incorrect calculation
Description
+ A security issue has been found in the ath10k and ath11k wireless drivers of the Linux kernel. It accepts non-SPP A-MSDU frames, which leads to payload being parsed as an L2 frame under an A-MSDU bit toggling attack.
References
+ https://www.openwall.com/lists/oss-security/2021/05/11/12
+ https://papers.mathyvanhoef.com/usenix2021.pdf
+ https://www.fragattacks.com/
+ https://lore.kernel.org/linux-wireless/20210511180259.159598-1-johannes@sipsolutions.net/
CVE-2020-24588 created at 11 May 2021 18:39:39
Severity
+ Unknown
Remote
+ Unknown
Type
+ Unknown
Description
References
Notes