CVE-2020-26147

Name of the Vulnerable Software and Affected Versions Linux kernel version 5.8.9

Description An issue was discovered in the Linux kernel where the WEP, WPA, WPA2, and WPA3 implementations reassemble fragments even though some of them were sent in plaintext. This can be abused to inject packets and/or exfiltrate selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP data-confidentiality protocol is used. The vulnerability exists due to insufficient input validation, allowing a remote attacker to impact the integrity of protected information using specially crafted fragmented frames encrypted with WEP, CCMP, or GCMP.

Recommendations For Linux kernel version 5.8.9, consider disabling the WEP, WPA, WPA2, and WPA3 implementations until a patch is available. Restrict access to the affected CCMP and GCMP data-confidentiality protocols to minimize the risk of exploitation. Avoid using the WEP protocol in the affected Linux kernel version until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.