CVE-2020-26147
Summary
| CVE | CVE-2020-26147 |
|---|---|
| State | PUBLISHED |
| Assigner | mitre |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2021-05-11 20:15:08 UTC |
| Updated | 2026-04-14 10:16:18 UTC |
| Description | An issue was discovered in the Linux kernel 5.8.9. The WEP, WPA, WPA2, and WPA3 implementations reassemble fragments even though some of them were sent in plaintext. This vulnerability can be abused to inject packets and/or exfiltrate selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP data-confidentiality protocol is used. |
Risk And Classification
Primary CVSS: v3.1 5.4 MEDIUM from [email protected]
CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:N
Problem Types: NVD-CWE-Other | n/a
| Version | Source | Type | Score | Severity | Vector |
|---|---|---|---|---|---|
| 3.1 | [email protected] | Primary | 5.4 | MEDIUM | CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:N |
| 2.0 | [email protected] | Primary | 3.2 | AV:A/AC:H/Au:N/C:P/I:P/A:N |
CVSS v3.1 Breakdown
Attack Vector
AdjacentAttack Complexity
HighPrivileges Required
NoneUser Interaction
RequiredScope
UnchangedConfidentiality
LowIntegrity
HighAvailability
NoneCVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:N
CVSS v2.0 Breakdown
Access Vector
AdjacentAccess Complexity
HighAuthentication
NoneConfidentiality
PartialIntegrity
PartialAvailability
NoneAV:A/AC:H/Au:N/C:P/I:P/A:N
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Linux | Linux Kernel | All | All | All | All |
Vendor Declared Affected Products
| Source | Vendor | Product | Version | Platforms |
|---|---|---|---|---|
| CNA | Na | N/a | affected n/a | Not specified |
| ADP | Siemens | SCALANCE W1748-1 M12 | affected V3.0.0 custom | Not specified |
| ADP | Siemens | SCALANCE W1748-1 M12 | affected V3.0.0 custom | Not specified |
| ADP | Siemens | SCALANCE W1788-1 M12 | affected V3.0.0 custom | Not specified |
| ADP | Siemens | SCALANCE W1788-2 EEC M12 | affected V3.0.0 custom | Not specified |
| ADP | Siemens | SCALANCE W1788-2 M12 | affected V3.0.0 custom | Not specified |
| ADP | Siemens | SCALANCE W1788-2IA M12 | affected V3.0.0 custom | Not specified |
| ADP | Siemens | SCALANCE W721-1 RJ45 | affected V6.6.0 custom | Not specified |
| ADP | Siemens | SCALANCE W721-1 RJ45 | affected V6.6.0 custom | Not specified |
| ADP | Siemens | SCALANCE W721-1 RJ45 | affected V6.6.0 custom | Not specified |
| ADP | Siemens | SCALANCE W721-1 RJ45 | affected V6.6.0 custom | Not specified |
| ADP | Siemens | SCALANCE W722-1 RJ45 | affected V6.6.0 custom | Not specified |
| ADP | Siemens | SCALANCE W722-1 RJ45 | affected V6.6.0 custom | Not specified |
| ADP | Siemens | SCALANCE W722-1 RJ45 | affected V6.6.0 custom | Not specified |
| ADP | Siemens | SCALANCE W722-1 RJ45 | affected V6.6.0 custom | Not specified |
| ADP | Siemens | SCALANCE W722-1 RJ45 | affected V6.6.0 custom | Not specified |
| ADP | Siemens | SCALANCE W722-1 RJ45 | affected V6.6.0 custom | Not specified |
| ADP | Siemens | SCALANCE W734-1 RJ45 | affected V6.6.0 custom | Not specified |
| ADP | Siemens | SCALANCE W734-1 RJ45 | affected V6.6.0 custom | Not specified |
| ADP | Siemens | SCALANCE W734-1 RJ45 | affected V6.6.0 custom | Not specified |
| ADP | Siemens | SCALANCE W734-1 RJ45 | affected V6.6.0 custom | Not specified |
| ADP | Siemens | SCALANCE W734-1 RJ45 | affected V6.6.0 custom | Not specified |
| ADP | Siemens | SCALANCE W734-1 RJ45 | affected V6.6.0 custom | Not specified |
| ADP | Siemens | SCALANCE W734-1 RJ45 USA | affected V6.6.0 custom | Not specified |
| ADP | Siemens | SCALANCE W734-1 RJ45 USA | affected V6.6.0 custom | Not specified |
| ADP | Siemens | SCALANCE W738-1 M12 | affected V6.6.0 custom | Not specified |
| ADP | Siemens | SCALANCE W738-1 M12 | affected V6.6.0 custom | Not specified |
| ADP | Siemens | SCALANCE W738-1 M12 | affected V6.6.0 custom | Not specified |
| ADP | Siemens | SCALANCE W738-1 M12 | affected V6.6.0 custom | Not specified |
| ADP | Siemens | SCALANCE W748-1 M12 | affected V6.6.0 custom | Not specified |
| ADP | Siemens | SCALANCE W748-1 M12 | affected V6.6.0 custom | Not specified |
| ADP | Siemens | SCALANCE W748-1 M12 | affected V6.6.0 custom | Not specified |
| ADP | Siemens | SCALANCE W748-1 M12 | affected V6.6.0 custom | Not specified |
| ADP | Siemens | SCALANCE W748-1 RJ45 | affected V6.6.0 custom | Not specified |
| ADP | Siemens | SCALANCE W748-1 RJ45 | affected V6.6.0 custom | Not specified |
| ADP | Siemens | SCALANCE W748-1 RJ45 | affected V6.6.0 custom | Not specified |
| ADP | Siemens | SCALANCE W748-1 RJ45 | affected V6.6.0 custom | Not specified |
| ADP | Siemens | SCALANCE W761-1 RJ45 | affected V6.6.0 custom | Not specified |
| ADP | Siemens | SCALANCE W761-1 RJ45 | affected V6.6.0 custom | Not specified |
| ADP | Siemens | SCALANCE W761-1 RJ45 | affected V6.6.0 custom | Not specified |
| ADP | Siemens | SCALANCE W761-1 RJ45 | affected V6.6.0 custom | Not specified |
| ADP | Siemens | SCALANCE W774-1 M12 EEC | affected V6.6.0 custom | Not specified |
| ADP | Siemens | SCALANCE W774-1 M12 EEC | affected V6.6.0 custom | Not specified |
| ADP | Siemens | SCALANCE W774-1 M12 EEC | affected V6.6.0 custom | Not specified |
| ADP | Siemens | SCALANCE W774-1 M12 EEC | affected V6.6.0 custom | Not specified |
| ADP | Siemens | SCALANCE W774-1 RJ45 | affected V6.6.0 custom | Not specified |
| ADP | Siemens | SCALANCE W774-1 RJ45 | affected V6.6.0 custom | Not specified |
| ADP | Siemens | SCALANCE W774-1 RJ45 | affected V6.6.0 custom | Not specified |
| ADP | Siemens | SCALANCE W774-1 RJ45 | affected V6.6.0 custom | Not specified |
| ADP | Siemens | SCALANCE W774-1 RJ45 | affected V6.6.0 custom | Not specified |
| ADP | Siemens | SCALANCE W774-1 RJ45 | affected V6.6.0 custom | Not specified |
| ADP | Siemens | SCALANCE W774-1 RJ45 | affected V6.6.0 custom | Not specified |
| ADP | Siemens | SCALANCE W774-1 RJ45 | affected V6.6.0 custom | Not specified |
| ADP | Siemens | SCALANCE W774-1 RJ45 USA | affected V6.6.0 custom | Not specified |
| ADP | Siemens | SCALANCE W774-1 RJ45 USA | affected V6.6.0 custom | Not specified |
| ADP | Siemens | SCALANCE W778-1 M12 | affected V6.6.0 custom | Not specified |
| ADP | Siemens | SCALANCE W778-1 M12 | affected V6.6.0 custom | Not specified |
| ADP | Siemens | SCALANCE W778-1 M12 | affected V6.6.0 custom | Not specified |
| ADP | Siemens | SCALANCE W778-1 M12 | affected V6.6.0 custom | Not specified |
| ADP | Siemens | SCALANCE W778-1 M12 EEC | affected V6.6.0 custom | Not specified |
| ADP | Siemens | SCALANCE W778-1 M12 EEC | affected V6.6.0 custom | Not specified |
| ADP | Siemens | SCALANCE W778-1 M12 EEC USA | affected V6.6.0 custom | Not specified |
| ADP | Siemens | SCALANCE W778-1 M12 EEC USA | affected V6.6.0 custom | Not specified |
| ADP | Siemens | SCALANCE W786-1 RJ45 | affected V6.6.0 custom | Not specified |
| ADP | Siemens | SCALANCE W786-1 RJ45 | affected V6.6.0 custom | Not specified |
| ADP | Siemens | SCALANCE W786-1 RJ45 | affected V6.6.0 custom | Not specified |
| ADP | Siemens | SCALANCE W786-1 RJ45 | affected V6.6.0 custom | Not specified |
| ADP | Siemens | SCALANCE W786-2 RJ45 | affected V6.6.0 custom | Not specified |
| ADP | Siemens | SCALANCE W786-2 RJ45 | affected V6.6.0 custom | Not specified |
| ADP | Siemens | SCALANCE W786-2 RJ45 | affected V6.6.0 custom | Not specified |
| ADP | Siemens | SCALANCE W786-2 RJ45 | affected V6.6.0 custom | Not specified |
| ADP | Siemens | SCALANCE W786-2 RJ45 | affected V6.6.0 custom | Not specified |
| ADP | Siemens | SCALANCE W786-2 RJ45 | affected V6.6.0 custom | Not specified |
| ADP | Siemens | SCALANCE W786-2 SFP | affected V6.6.0 custom | Not specified |
| ADP | Siemens | SCALANCE W786-2 SFP | affected V6.6.0 custom | Not specified |
| ADP | Siemens | SCALANCE W786-2 SFP | affected V6.6.0 custom | Not specified |
| ADP | Siemens | SCALANCE W786-2 SFP | affected V6.6.0 custom | Not specified |
| ADP | Siemens | SCALANCE W786-2IA RJ45 | affected V6.6.0 custom | Not specified |
| ADP | Siemens | SCALANCE W786-2IA RJ45 | affected V6.6.0 custom | Not specified |
| ADP | Siemens | SCALANCE W786-2IA RJ45 | affected V6.6.0 custom | Not specified |
| ADP | Siemens | SCALANCE W786-2IA RJ45 | affected V6.6.0 custom | Not specified |
| ADP | Siemens | SCALANCE W788-1 M12 | affected V6.6.0 custom | Not specified |
| ADP | Siemens | SCALANCE W788-1 M12 | affected V6.6.0 custom | Not specified |
| ADP | Siemens | SCALANCE W788-1 M12 | affected V6.6.0 custom | Not specified |
| ADP | Siemens | SCALANCE W788-1 M12 | affected V6.6.0 custom | Not specified |
| ADP | Siemens | SCALANCE W788-1 RJ45 | affected V6.6.0 custom | Not specified |
| ADP | Siemens | SCALANCE W788-1 RJ45 | affected V6.6.0 custom | Not specified |
| ADP | Siemens | SCALANCE W788-1 RJ45 | affected V6.6.0 custom | Not specified |
| ADP | Siemens | SCALANCE W788-1 RJ45 | affected V6.6.0 custom | Not specified |
| ADP | Siemens | SCALANCE W788-2 M12 | affected V6.6.0 custom | Not specified |
| ADP | Siemens | SCALANCE W788-2 M12 | affected V6.6.0 custom | Not specified |
| ADP | Siemens | SCALANCE W788-2 M12 | affected V6.6.0 custom | Not specified |
| ADP | Siemens | SCALANCE W788-2 M12 | affected V6.6.0 custom | Not specified |
| ADP | Siemens | SCALANCE W788-2 M12 EEC | affected V6.6.0 custom | Not specified |
| ADP | Siemens | SCALANCE W788-2 M12 EEC | affected V6.6.0 custom | Not specified |
| ADP | Siemens | SCALANCE W788-2 M12 EEC | affected V6.6.0 custom | Not specified |
| ADP | Siemens | SCALANCE W788-2 M12 EEC | affected V6.6.0 custom | Not specified |
| ADP | Siemens | SCALANCE W788-2 M12 EEC | affected V6.6.0 custom | Not specified |
| ADP | Siemens | SCALANCE W788-2 M12 EEC | affected V6.6.0 custom | Not specified |
| ADP | Siemens | SCALANCE W788-2 RJ45 | affected V6.6.0 custom | Not specified |
| ADP | Siemens | SCALANCE W788-2 RJ45 | affected V6.6.0 custom | Not specified |
| ADP | Siemens | SCALANCE W788-2 RJ45 | affected V6.6.0 custom | Not specified |
| ADP | Siemens | SCALANCE W788-2 RJ45 | affected V6.6.0 custom | Not specified |
| ADP | Siemens | SCALANCE W788-2 RJ45 | affected V6.6.0 custom | Not specified |
| ADP | Siemens | SCALANCE W788-2 RJ45 | affected V6.6.0 custom | Not specified |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| cert-portal.siemens.com/productcert/pdf/ssa-913875.pdf | af854a3a-2127-422b-91ae-364da2661108 | cert-portal.siemens.com | Third Party Advisory |
| fragattacks/SUMMARY.md at master · vanhoefm/fragattacks · GitHub | af854a3a-2127-422b-91ae-364da2661108 | github.com | Third Party Advisory |
| cert-portal.siemens.com/productcert/html/ssa-019200.html | 0b142b55-0307-4c5a-b3c9-f314f3fb7c5e | cert-portal.siemens.com | |
| FragAttacks: Security flaws in all Wi-Fi devices | af854a3a-2127-422b-91ae-364da2661108 | www.fragattacks.com | Product |
| cert-portal.siemens.com/productcert/html/ssa-913875.html | 0b142b55-0307-4c5a-b3c9-f314f3fb7c5e | cert-portal.siemens.com | |
| [SECURITY] [DLA 2689-1] linux security update | af854a3a-2127-422b-91ae-364da2661108 | lists.debian.org | Mailing List, Third Party Advisory |
| [SECURITY] [DLA 2690-1] linux-4.19 security update | af854a3a-2127-422b-91ae-364da2661108 | lists.debian.org | Mailing List, Third Party Advisory |
| Security Advisory 0063 - Arista | af854a3a-2127-422b-91ae-364da2661108 | www.arista.com | Third Party Advisory |
| Multiple Vulnerabilities in Frame Aggregation and Fragmentation Implementations of 802.11 Specification Affecting Cisco Products: May 2021 | af854a3a-2127-422b-91ae-364da2661108 | tools.cisco.com | Third Party Advisory |
| oss-security - various 802.11 security issues - fragattacks.com | af854a3a-2127-422b-91ae-364da2661108 | www.openwall.com | Mailing List, Patch, Third Party Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 159338 Oracle Enterprise Linux Security Update for Unbreakable Enterprise kernel (ELSA-2021-9404)
- 159339 Oracle Enterprise Linux Security Update for Unbreakable Enterprise kernel-container (ELSA-2021-9406)
- 159399 Oracle Enterprise Linux Security Update for Unbreakable Enterprise kernel (ELSA-2021-9452)
- 159400 Oracle Enterprise Linux Security Update for Unbreakable Enterprise kernel-container (ELSA-2021-9453)
- 159403 Oracle Enterprise Linux Security Update for Unbreakable Enterprise kernel (ELSA-2021-9459)
- 159492 Oracle Enterprise Linux Security Update for kernel (ELSA-2021-4356)
- 178679 Debian Security Update for linux-4.19 (DLA 2690-1)
- 178680 Debian Security Update for linux (DLA 2689-1)
- 198416 Ubuntu Security Notification for Linux kernel vulnerabilities (USN-4997-1)
- 198417 Ubuntu Security Notification for Linux kernel vulnerabilities (USN-4999-1)
- 198418 Ubuntu Security Notification for Linux kernel vulnerabilities (USN-5000-1)
- 198419 Ubuntu Security Notification for Linux kernel (OEM) vulnerabilities (USN-5001-1)
- 198425 Ubuntu Security Notification for Linux kernel (KVM) vulnerabilities (USN-5000-2)
- 198426 Ubuntu Security Notification for Linux kernel (KVM) vulnerabilities (USN-4997-2)
- 198459 Ubuntu Security Notification for Linux, Linux-aws, Linux-aws-hwe, Linux-azure, Linux-azure-4.15, Linux-gcp, (USN-5018-1)
- 239816 Red Hat Update for kernel security (RHSA-2021:4356)
- 239879 Red Hat Update for kernel-rt (RHSA-2021:4140)
- 352831 Amazon Linux Security Advisory for kernel: ALAC2012-2021-030
- 352832 Amazon Linux Security Advisory for kmod-sfc: ALAC2012-2021-031
- 352833 Amazon Linux Security Advisory for kmod-mlx5: ALAC2012-2021-032
- 353147 Amazon Linux Security Advisory for kernel : ALAS2KERNEL-5.4-2022-004
- 353158 Amazon Linux Security Advisory for kernel : ALAS2KERNEL-5.10-2022-002
- 390248 Oracle Managed Virtualization (VM) Server for x86 Security Update for kernel (OVMSA-2021-0035)
- 591035 Siemens SCALANCE FragAttacks Multiple Vulnerabilities (ICSA-22-104-04) (SSA-913875)
- 591150 Hitachi ABB Power Grids TropOS Multiple Vulnerabilities (ICSA-21-236-01,9AKK107992A4463)
- 610373 Google Android Devices October 2021 Security Patch Missing
- 610383 Google Android November 2021 Security Patch Missing for LGE
- 671051 EulerOS Security Update for kernel (EulerOS-SA-2021-2663)
- 671441 EulerOS Security Update for kernel (EulerOS-SA-2022-1366)
- 671703 EulerOS Security Update for kernel (EulerOS-SA-2022-1735)
- 690816 Free Berkeley Software Distribution (FreeBSD) Security Update for freebsd-kernel (8d20bd48-a4f3-11ec-90de-1c697aa5a594)
- 750117 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2021:1891-1)
- 750118 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2021:1890-1)
- 750121 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2021:1888-1)
- 750125 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2021:1887-1)
- 750126 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2021:1889-1)
- 750139 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2021:1913-1)
- 750140 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2021:1912-1)
- 750171 OpenSUSE Security Update for the Linux Kernel (openSUSE-SU-2021:0843-1)
- 750650 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2021:1975-1)
- 750652 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2021:1977-1)
- 750741 OpenSUSE Security Update for the Linux Kernel (openSUSE-SU-2021:0947-1)
- 750762 OpenSUSE Security Update for the Linux Kernel (openSUSE-SU-2021:1977-1)
- 750766 OpenSUSE Security Update for the Linux Kernel (openSUSE-SU-2021:1975-1)
- 750864 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2021:2421-1)
- 750880 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2021:2451-1)
- 940265 AlmaLinux Security Update for kernel (ALSA-2021:4356)