Security Vulnerabilities: FRAGATTACKS aka CVE-2020-24586 , CVE-2020-24587

This document (000020244) is provided subject to the disclaimer at the end of this document.

Environment

SUSE Linux Enterprise Server 15
SUSE Linux Enterprise Desktop 15
SUSE Linux Enterprise Server 12
SUSE Linux Enterprise Desktop 12
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11

Situation

Security Researcher Mathy Vanhoef discovered various attacks against Wi-Fi (802.11) stacks and also against the Wi-Fi standard related to Wi-Fi fragments. This vulnerability is documented on the https://www.fragattacks.com/ website and called FRAGATTACKS.

This set of vulnerabilities can allow local attackers in Wi-Fi range to inject traffic even in encrypted Wi-Fi networks, or get access to information of other users in the same Wi-Fi network.

If the system is not using Wi-Fi, it is not affected. These issues largely affect the Hardware / Firmware of Wi-Fi cards.

Two CVEs are also in the mac80211 stack of the Linux, and will be addressed by updates to the Linux Kernel. These issues have received CVE-2020-24586 and CVE-2020-24587. These and others CVEs are fixed in the various Wi-Fi firmware, which we will be releasing once they become available from the Wi-Fi card vendors support by Linux, via "kernel-firmware" updates.

Resolution

Install updates once they become available.

Cause

The following CVEs will be addressed by either Linux kernel or Wi-Fi firmware updates:
  • CVE-2020-24586 - Fragmentation cache not cleared on reconnection
  • CVE-2020-24587 - Reassembling fragments encrypted under different keys
  • CVE-2020-24588 - Accepting non-SPP A-MSDU frames, which leads to payload being parsed as an L2 frame under an A-MSDU bit toggling attack
  • CVE-2020-26139 - Forwarding EAPOL from unauthenticated sender
  • CVE-2020-26140 - Accepting plaintext data frames in protected networks
  • CVE-2020-26141 - Not verifying TKIP MIC of fragmented frames
  • CVE-2020-26142 - Processing fragmented frames as full frames
  • CVE-2020-26143 - Accepting fragmented plaintext frames in protected networks
  • CVE-2020-26144 - Always accepting unencrypted A-MSDU frames that start with RFC1042 header with EAPOL ethertype
  • CVE-2020-26145 - Accepting plaintext broadcast fragments as full frames
  • CVE-2020-26146 - Reassembling encrypted fragments with non-consecutive packet numbers
  • CVE-2020-26147 - Reassembling mixed encrypted/plaintext fragments

Status

Security Alert

Additional Information

Disclaimer

This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.

  • Document ID:000020244
  • Creation Date: 12-May-2021
  • Modified Date:12-May-2021
    • SUSE Linux Enterprise Desktop
    • SUSE Linux Enterprise Server

< Back to Support Search

For questions or concerns with the SUSE Knowledgebase please contact: tidfeedback@suse.com

SUSE Support Forums

Get your questions answered by experienced Sys Ops or interact with other SUSE community experts.

Join Our Community

Support Resources

Learn how to get the most from the technical support you receive with your SUSE Subscription, Premium Support, Academic Program, or Partner Program.


SUSE Customer Support Quick Reference Guide SUSE Technical Support Handbook Update Advisories
Support FAQ

Open an Incident

Open an incident with SUSE Technical Support, manage your subscriptions, download patches, or manage user access.

Go to Customer Center