1959642 – (CVE-2020-24586) CVE-2020-24586 kernel: Fragmentation cache not cleared on reconnection

Bug 1959642 (CVE-2020-24586) - CVE-2020-24586 kernel: Fragmentation cache not cleared on reconnection

Summary: CVE-2020-24586 kernel: Fragmentation cache not cleared on reconnection

Keywords:
Status:	CLOSED ERRATA
Alias:	CVE-2020-24586
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	1978151 1960107 1960108
Blocks:	1959275
TreeView+	depends on / blocked

Reported:	2021-05-12 01:24 UTC by Wade Mealing
Modified:	2021-12-17 09:58 UTC (History)
CC List:	50 users (show)
Fixed In Version:	kernel 5.13 rc4
Doc Type:	If docs needed, set a value
Doc Text:	A flaw was found in the Linux kernels implementation of wifi fragmentation handling. An attacker with the ability to transmit within the wireless transmission range of an access point can abuse a flaw where previous contents of wifi fragments can be unintentionally transmitted to another device.
Clone Of:
Environment:
Last Closed:	2021-11-09 20:56:04 UTC
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2021:4140	0	None	None	None	2021-11-09 17:22:33 UTC
Red Hat Product Errata	RHSA-2021:4356	0	None	None	None	2021-11-09 18:25:27 UTC

Description Wade Mealing 2021-05-12 01:24:53 UTC

A flaw was found in the Linux kernels implementation of wifi fragmentation handling. An attacker with the ability to transmit within the wireless transmission range of an access point can abuse a flaw where previous contents of wifi fragments can be unintentionally transmitted to another device.

Upstream patch: 

https://lore.kernel.org/linux-wireless/20210511200110.3f8290e59823.I622a67769ed39257327a362cfc09c812320eb979@changeid/

Comment 4 Wade Mealing 2021-05-13 04:27:25 UTC

Mitigation:

Mitigation for this issue is either not available or the currently available options does not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Comment 20 errata-xmlrpc 2021-11-09 17:22:30 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2021:4140 https://access.redhat.com/errata/RHSA-2021:4140

Comment 21 errata-xmlrpc 2021-11-09 18:25:24 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2021:4356 https://access.redhat.com/errata/RHSA-2021:4356

Comment 22 Product Security DevOps Team 2021-11-09 20:56:01 UTC

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2020-24586

Note You need to log in before you can comment on or make changes to this bug.

acaringi
adscvr
airlied
alciregi
bhu
blc
bmasney
brdeoliv
bskeggs
chwhite
crwood
dhoward
dvlasenk
fcanogab
fhrbata
fpacheco
hdegoede
hkrzesin
ihuguet
jarod
jarodwilson
jburrell
jeremy
jfaracco
jforbes
jlelli
jonathan
josef
jshortt
jstancek
jwboyer
kcarcia
kernel-maint
kernel-mgr
lgoncalv
linville
lzampier
masami256
mchehab
mlangsdo
nmurray
ptalbert
qzhao
rvrbovsk
scweaver
steved
vkumar
walters
wcosta
williams