CVE-2020-26146 log

Source
Severity Medium
Remote Yes
Type Insufficient validation
Description
An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 devices. The WPA, WPA2, and WPA3 implementations reassemble fragments with non-consecutive packet numbers. An adversary can abuse this to exfiltrate selected fragments. This vulnerability is exploitable when another device sends fragmented frames and the WEP, CCMP, or GCMP data-confidentiality protocol is used. Note that WEP is vulnerable to this attack by design.
Group Package Affected Fixed Severity Status Ticket
AVG-2030 linux 5.12.9.arch1-1 Medium Not affected
References
https://www.openwall.com/lists/oss-security/2021/05/11/12
https://papers.mathyvanhoef.com/usenix2021.pdf
https://www.fragattacks.com/