CVE-2020-26141 log

Source
Severity Medium
Remote Yes
Type Insufficient validation
Description
An issue was discovered in the Linux kernel before version 5.12.9. The Wi-Fi implementation does not verify the Message Integrity Check (authenticity) of fragmented TKIP frames. An adversary can abuse this to inject and possibly decrypt packets in WPA or WPA2 networks that support the TKIP data-confidentiality protocol.
Group Package Affected Fixed Severity Status Ticket
AVG-2034 linux-lts 5.10.41-1 5.10.42-1 Medium Fixed
AVG-2033 linux-hardened 5.12.7.hardened1-1 5.12.9.hardened1-1 Medium Fixed
AVG-2032 linux-zen 5.12.8.zen1-1 5.12.9.zen1-1 Medium Fixed
AVG-2031 linux 5.12.8.arch1-1 5.12.9.arch1-1 Medium Fixed
References
https://www.openwall.com/lists/oss-security/2021/05/11/12
https://papers.mathyvanhoef.com/usenix2021.pdf
https://www.fragattacks.com/
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.12.9&id=a15a0151da2134545d5016ea068a39f96d1272f5
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.10.42&id=6643b21aee1c3cac10da9dfb0fa17aacc431fa91