Security Vulnerabilities: FRAGATTACKS aka CVE-2020-24586 , CVE-2020-24587
This document (000020244) is provided subject to the disclaimer at the end of this document.
Environment
SUSE Linux Enterprise Server 15
SUSE Linux Enterprise Desktop 15
SUSE Linux Enterprise Server 12
SUSE Linux Enterprise Desktop 12
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
SUSE Linux Enterprise Desktop 15
SUSE Linux Enterprise Server 12
SUSE Linux Enterprise Desktop 12
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
Situation
Security Researcher Mathy Vanhoef discovered various attacks against Wi-Fi (802.11) stacks and also against the Wi-Fi standard related to Wi-Fi fragments. This vulnerability is documented on the https://www.fragattacks.com/ website and called FRAGATTACKS.
This set of vulnerabilities can allow local attackers in Wi-Fi range to inject traffic even in encrypted Wi-Fi networks, or get access to information of other users in the same Wi-Fi network.
If the system is not using Wi-Fi, it is not affected. These issues largely affect the Hardware / Firmware of Wi-Fi cards.
Two CVEs are also in the mac80211 stack of the Linux, and will be addressed by updates to the Linux Kernel. These issues have received CVE-2020-24586 and CVE-2020-24587. These and others CVEs are fixed in the various Wi-Fi firmware, which we will be releasing once they become available from the Wi-Fi card vendors support by Linux, via "kernel-firmware" updates.
This set of vulnerabilities can allow local attackers in Wi-Fi range to inject traffic even in encrypted Wi-Fi networks, or get access to information of other users in the same Wi-Fi network.
If the system is not using Wi-Fi, it is not affected. These issues largely affect the Hardware / Firmware of Wi-Fi cards.
Two CVEs are also in the mac80211 stack of the Linux, and will be addressed by updates to the Linux Kernel. These issues have received CVE-2020-24586 and CVE-2020-24587. These and others CVEs are fixed in the various Wi-Fi firmware, which we will be releasing once they become available from the Wi-Fi card vendors support by Linux, via "kernel-firmware" updates.
Resolution
Install updates once they become available.
Cause
The following CVEs will be addressed by either Linux kernel or Wi-Fi firmware updates:
- CVE-2020-24586 - Fragmentation cache not cleared on reconnection
- CVE-2020-24587 - Reassembling fragments encrypted under different keys
- CVE-2020-24588 - Accepting non-SPP A-MSDU frames, which leads to payload being parsed as an L2 frame under an A-MSDU bit toggling attack
- CVE-2020-26139 - Forwarding EAPOL from unauthenticated sender
- CVE-2020-26140 - Accepting plaintext data frames in protected networks
- CVE-2020-26141 - Not verifying TKIP MIC of fragmented frames
- CVE-2020-26142 - Processing fragmented frames as full frames
- CVE-2020-26143 - Accepting fragmented plaintext frames in protected networks
- CVE-2020-26144 - Always accepting unencrypted A-MSDU frames that start with RFC1042 header with EAPOL ethertype
- CVE-2020-26145 - Accepting plaintext broadcast fragments as full frames
- CVE-2020-26146 - Reassembling encrypted fragments with non-consecutive packet numbers
- CVE-2020-26147 - Reassembling mixed encrypted/plaintext fragments
Status
Security Alert
Additional Information
References:
Disclaimer
This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.
- Document ID:000020244
- Creation Date: 12-May-2021
- Modified Date:12-May-2021
-
- SUSE Linux Enterprise Desktop
- SUSE Linux Enterprise Server
For questions or concerns with the SUSE Knowledgebase please contact: tidfeedback[at]suse.com
