PT-2021-3355 · Samsung+4 · Samsung Galaxy S3+4

Mathy Vanhoef

Published

2021-05-11

Updated

2021-12-06

CVE-2020-26146

CVSS v3.1

5.3

Medium

Vector

AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified) Samsung Galaxy S3 i9305 version 4.4.4

Description The issue exists due to insufficient input validation in the implementation of WEP, WPA, WPA2, and WPA3 algorithms. An adversary can exploit this by sending specially crafted fragmented frames, encrypted using WEP, CCMP, or GCMP, allowing them to impact the integrity of protected information. This can be achieved when another device sends fragmented frames and the WEP, CCMP, or GCMP data-confidentiality protocol is used.

Recommendations For Linux kernel, at the moment, there is no information about a newer version that contains a fix for this vulnerability. For Samsung Galaxy S3 i9305 version 4.4.4, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

ALSA-2021:4356

ASB-A-175626808

BDU:2021-03176

CESA-2021_4140

CESA-2021_4356

CVE-2020-26146

RHSA-2021:4140

RHSA-2021:4356

RHSA-2021_4140

RHSA-2021_4356

Affected Products

Almalinux

Centos

Check Point Gaia

Red Hat

Samsung Galaxy S3

PT-2021-3355 · Samsung+4 · Samsung Galaxy S3+4

CVE-2020-26146

Weakness Enumeration

Related Identifiers

Affected Products

References · 76