Description
An issue was discovered in the Linux kernel 5.8.9. The WEP, WPA, WPA2, and WPA3 implementations reassemble fragments even though some of them were sent in plaintext. This vulnerability can be abused to inject packets and/or exfiltrate selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP data-confidentiality protocol is used.
References (10)
Core References
Third Party Advisory vendor-advisory
x_refsource_cisco
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wifi-faf-22epcEWu
Product x_refsource_misc
https://www.fragattacks.com
Third Party Advisory x_refsource_misc
https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.md
Mailing List, Patch, Third Party Advisory mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2021/05/11/12
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html
Third Party Advisory x_refsource_confirm
https://cert-portal.siemens.com/productcert/pdf/ssa-913875.pdf
Third Party Advisory x_refsource_misc
https://www.arista.com/en/support/advisories-notices/security-advisories/12602-security-advisory-63
Vendor Advisory
https://cert-portal.siemens.com/productcert/html/ssa-019200.html
Vendor Advisory
https://cert-portal.siemens.com/productcert/html/ssa-913875.html
Scores
CVSS v3
5.4
EPSS
0.0014
EPSS Percentile
33.0%
Attack Vector
ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:N
Details
Status
published
Products (8)
arista/c-65_firmware
arista/c-75_firmware
arista/o-90_firmware
arista/w-68_firmware
debian/debian_linux
9.0
linux/linux_kernel
4.4 - 4.4.271
siemens/scalance_w1700_ieee_802.11ac_firmware
siemens/scalance_w700_ieee_802.11n_firmware
Published
May 11, 2021
Tracked Since
Feb 18, 2026