CVE-2020-26141 - log back

CVE-2020-26141 edited at 03 Jun 2021 14:11:45
References
https://www.openwall.com/lists/oss-security/2021/05/11/12
https://papers.mathyvanhoef.com/usenix2021.pdf
https://www.fragattacks.com/
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.12.9&id=a15a0151da2134545d5016ea068a39f96d1272f5
+ https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.10.42&id=6643b21aee1c3cac10da9dfb0fa17aacc431fa91
CVE-2020-26141 edited at 03 Jun 2021 13:50:48
Description
- An issue was discovered in the ALFA Windows 10 driver 6.1316.1209 for AWUS036H. The Wi-Fi implementation does not verify the Message Integrity Check (authenticity) of fragmented TKIP frames. An adversary can abuse this to inject and possibly decrypt packets in WPA or WPA2 networks that support the TKIP data-confidentiality protocol.
+ An issue was discovered in the Linux kernel before version 5.12.9. The Wi-Fi implementation does not verify the Message Integrity Check (authenticity) of fragmented TKIP frames. An adversary can abuse this to inject and possibly decrypt packets in WPA or WPA2 networks that support the TKIP data-confidentiality protocol.
CVE-2020-26141 edited at 03 Jun 2021 13:40:41
Description
- A security issue has been found in the IEEE 802.11 implementation (mac80211) of the Linux kernel. The TKIP MIC of fragmented frames is not verified.
+ An issue was discovered in the ALFA Windows 10 driver 6.1316.1209 for AWUS036H. The Wi-Fi implementation does not verify the Message Integrity Check (authenticity) of fragmented TKIP frames. An adversary can abuse this to inject and possibly decrypt packets in WPA or WPA2 networks that support the TKIP data-confidentiality protocol.
References
https://www.openwall.com/lists/oss-security/2021/05/11/12
https://papers.mathyvanhoef.com/usenix2021.pdf
https://www.fragattacks.com/
+ https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.12.9&id=a15a0151da2134545d5016ea068a39f96d1272f5
- https://lore.kernel.org/linux-wireless/20210511180259.159598-1-johannes@sipsolutions.net/
- https://lore.kernel.org/linux-wireless/20210511200110.c3f1d42c6746.I795593fcaae941c471425b8c7d5f7bb185d29142@changeid/
CVE-2020-26141 edited at 11 May 2021 18:58:18
Description
- A security issue has been found in the ath10k and ath11k wireless drivers of the Linux kernel. The TKIP MIC of fragmented frames is not verified.
+ A security issue has been found in the IEEE 802.11 implementation (mac80211) of the Linux kernel. The TKIP MIC of fragmented frames is not verified.
CVE-2020-26141 edited at 11 May 2021 18:55:48
References
https://www.openwall.com/lists/oss-security/2021/05/11/12
https://papers.mathyvanhoef.com/usenix2021.pdf
https://www.fragattacks.com/
https://lore.kernel.org/linux-wireless/20210511180259.159598-1-johannes@sipsolutions.net/
+ https://lore.kernel.org/linux-wireless/20210511200110.c3f1d42c6746.I795593fcaae941c471425b8c7d5f7bb185d29142@changeid/
CVE-2020-26141 edited at 11 May 2021 18:47:42
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Remote
Type
- Unknown
+ Insufficient validation
Description
+ A security issue has been found in the ath10k and ath11k wireless drivers of the Linux kernel. The TKIP MIC of fragmented frames is not verified.
References
+ https://www.openwall.com/lists/oss-security/2021/05/11/12
+ https://papers.mathyvanhoef.com/usenix2021.pdf
+ https://www.fragattacks.com/
+ https://lore.kernel.org/linux-wireless/20210511180259.159598-1-johannes@sipsolutions.net/
CVE-2020-26141 created at 11 May 2021 18:39:39
Severity
+ Unknown
Remote
+ Unknown
Type
+ Unknown
Description
References
Notes