A vulnerability was found in the Linux kernel, where the wifi implementations treat fragmented frames as full frames. An adversary can abuse this to inject arbitrary network packets, independent of the network configuration.

Upstream patch: https://lore.kernel.org/linux-wireless/20210511180259.159598-1-johannes@sipsolutions.net/
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 1960495]
As per the research paper (https://papers.mathyvanhoef.com/usenix2021.pdf, pages 13 and 14): "Certain implementations, such as OpenBSD and the ESP-12F, do not support A-MSDUs or fragmented frames. However, they are still vulnerable to attacks because they treat all frames as non-fragmented ones (CVE-2020-26142)." Marking notaffected as I do not see where this is affecting RHEL or Linux systems. I would suggest Fedora do the same, but I'll let them make that call. Thanks.
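The condition quoted from the paper, as an added illustration that is not code from the kernel, the upstream patch, or anyone in this thread: a receive-path check for a stack without defragmentation support that drops data-frame fragments instead of treating them as full frames. The function and enum names are hypothetical, the bit positions come from the 802.11 header layout, and the sample frames are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* 802.11 MAC header fields (little-endian on the air). */
#define FC_TYPE_MASK  0x000C /* Frame Control bits 2-3: frame type */
#define FC_TYPE_DATA  0x0008 /* type 2 = data */
#define FC_MORE_FRAGS 0x0400 /* Frame Control bit 10: More Fragments */
#define SC_FRAG_MASK  0x000F /* Sequence Control bits 0-3: fragment number */
#define SC_OFFSET     22     /* after FC, Duration and three addresses */
#define HDR_MIN_LEN   24

enum rx_verdict { RX_ACCEPT_FULL, RX_DROP_FRAGMENT, RX_DROP_MALFORMED, RX_NOT_DATA };

static uint16_t le16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }

/* Hypothetical policy for a receiver that cannot reassemble fragments:
 * a data frame is a complete MSDU only if More Fragments is clear AND the
 * fragment number is 0. Anything else is dropped, never passed up the stack. */
enum rx_verdict rx_classify_nofrag(const uint8_t *frame, size_t len)
{
    if (frame == NULL || len < 2)
        return RX_DROP_MALFORMED;
    uint16_t fc = le16(frame);
    if ((fc & FC_TYPE_MASK) != FC_TYPE_DATA)
        return RX_NOT_DATA;            /* management/control: handled elsewhere */
    if (len < HDR_MIN_LEN)
        return RX_DROP_MALFORMED;      /* no room for Sequence Control */
    uint16_t sc = le16(frame + SC_OFFSET);
    if ((fc & FC_MORE_FRAGS) || (sc & SC_FRAG_MASK))
        return RX_DROP_FRAGMENT;       /* first, middle or last fragment */
    return RX_ACCEPT_FULL;
}

/* Constructed sample headers (addresses and payload left as zero). */
static const uint8_t full_frame[24] = { [0] = 0x08, [22] = 0x10 };             /* seq 1, frag 0 */
static const uint8_t first_frag[24] = { [0] = 0x08, [1] = 0x04, [22] = 0x10 }; /* MF set */
static const uint8_t last_frag[24]  = { [0] = 0x08, [22] = 0x11 };             /* frag 1, MF clear */
static const uint8_t beacon[24]     = { [0] = 0x80 };                          /* management frame */

int main(void)
{
    printf("full=%d first=%d last=%d beacon=%d\n",
           rx_classify_nofrag(full_frame, sizeof full_frame),
           rx_classify_nofrag(first_frag, sizeof first_frag),
           rx_classify_nofrag(last_frag, sizeof last_frag),
           rx_classify_nofrag(beacon, sizeof beacon));
    return 0;
}
```

The last-fragment case is the one a check on the More Fragments bit alone would miss: the bit is clear, but the nonzero fragment number still marks the frame as part of a larger MSDU.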
`git log --oneline --grep CVE-2020-24588` gives this output:

2c2bdd2372af mt76: validate rx A-MSDU subframes
079a108feba4 ath10k: drop MPDU which has discard flag set by firmware for SDIO
270032a2a9c4 mac80211: drop A-MSDUs on old ciphers
2b8a1fee3488 cfg80211: mitigate A-MSDU aggregation attacks

Looking at the patches, they claim to fix this CVE and similar attacks. I suggest reopening this BZ.
(In reply to Íñigo Huguet from comment #6)
> `git log --oneline --grep CVE-2020-24588` gives this output:
> 2c2bdd2372af mt76: validate rx A-MSDU subframes
> 079a108feba4 ath10k: drop MPDU which has discard flag set by firmware for SDIO
> 270032a2a9c4 mac80211: drop A-MSDUs on old ciphers
> 2b8a1fee3488 cfg80211: mitigate A-MSDU aggregation attacks
>
> Looking at the patches, they claim to fix this CVE and similar attacks. I
> suggest reopening this BZ.

Sorry, my mistake, I mixed 2 different CVEs. Forget that.
This was fixed for Fedora with the 5.12.9 stable kernel updates.