CVE-2020-26145
medium
CVSS v3
—
CVSS v2
—
VIR risk
5.5
Description
An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 devices. The WEP, WPA, WPA2, and WPA3 implementations accept second (or subsequent) broadcast fragments even when sent in plaintext and process them as full unfragmented frames. An adversary can abuse this to inject arbitrary network packets independent of the network configuration.
Predictions
Exploit likelihood
20%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: alma — https://errata.almalinux.org/8/ALSA-2021-4356.html
Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2020-26145
Vendor advisory: suse — https://www.suse.com/security/cve/CVE-2020-26145.html
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| arch | fixed | 5.12.9.hardened1-1 | |
| sles | affected | | |
| debian | bookworm | fixed | 5.10.46-1 |
| debian | bullseye | fixed | 5.10.46-1 |
| debian | forky | fixed | 5.10.46-1 |
| debian | sid | fixed | 5.10.46-1 |
| debian | trixie | fixed | 5.10.46-1 |
References
Verify integrity in audit chain (admin only). AS-IS.