CVE-2020-24586 (GCVE-0-2020-24586)
Vulnerability from cvelistv5 – Published: 2021-05-11 00:00 – Updated: 2024-08-04 15:19- n/a
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:19:08.804Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00473.html"
},
{
"name": "20210511 Multiple Vulnerabilities in Frame Aggregation and Fragmentation Implementations of 802.11 Specification Affecting Cisco Products: May 2021",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wifi-faf-22epcEWu"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.fragattacks.com"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.md"
},
{
"name": "[oss-security] 20210511 various 802.11 security issues - fragattacks.com",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2021/05/11/12"
},
{
"name": "[debian-lts-announce] 20210623 [SECURITY] [DLA 2689-1] linux security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html"
},
{
"name": "[debian-lts-announce] 20210623 [SECURITY] [DLA 2690-1] linux-4.19 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/12602-security-advisory-63"
},
{
"name": "[debian-lts-announce] 20230401 [SECURITY] [DLA 3380-1] firmware-nonfree LTS new upstream version (security updates and newer firmware for Linux 5.10)",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00002.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn\u0027t require that received fragments be cleared from memory after (re)connecting to a network. Under the right circumstances, when another device sends fragmented frames encrypted using WEP, CCMP, or GCMP, this can be abused to inject arbitrary network packets and/or exfiltrate user data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-01T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00473.html"
},
{
"name": "20210511 Multiple Vulnerabilities in Frame Aggregation and Fragmentation Implementations of 802.11 Specification Affecting Cisco Products: May 2021",
"tags": [
"vendor-advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wifi-faf-22epcEWu"
},
{
"url": "https://www.fragattacks.com"
},
{
"url": "https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.md"
},
{
"name": "[oss-security] 20210511 various 802.11 security issues - fragattacks.com",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2021/05/11/12"
},
{
"name": "[debian-lts-announce] 20210623 [SECURITY] [DLA 2689-1] linux security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html"
},
{
"name": "[debian-lts-announce] 20210623 [SECURITY] [DLA 2690-1] linux-4.19 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html"
},
{
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/12602-security-advisory-63"
},
{
"name": "[debian-lts-announce] 20230401 [SECURITY] [DLA 3380-1] firmware-nonfree LTS new upstream version (security updates and newer firmware for Linux 5.10)",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00002.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-24586",
"datePublished": "2021-05-11T00:00:00.000Z",
"dateReserved": "2020-08-21T00:00:00.000Z",
"dateUpdated": "2024-08-04T15:19:08.804Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2020-24586",
"date": "2026-06-18",
"epss": "0.05765",
"percentile": "0.92105"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ieee:ieee_802.11:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EA94FAA4-9BBF-402D-8B33-20A5E8AAFC5D\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DEECE5FC-CACF-4496-A3E7-164736409252\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:linux:mac80211:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"20B7EA3B-CCBA-4483-9BDD-DC8ED8689A22\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:arista:c-250_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"10.0.1-31\", \"matchCriteriaId\": \"B22D5837-A2CC-41AB-8252-1724345AEDC5\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:arista:c-250:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EE97F0AD-8658-476A-8E22-DA67A5FD9F73\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:arista:c-260_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"10.0.1-31\", \"matchCriteriaId\": \"4180BE58-3CA0-4FFD-B5BE-44E36FDE5F89\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:arista:c-260:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A006A8BD-D56E-40C2-ADD2-C11759153808\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:arista:c-230_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"10.0.1-31\", \"matchCriteriaId\": \"59BE4F3A-477A-4DE9-B293-F2AF2CCED9A3\"}]}, {\"operator\": \"OR\", 
\"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:arista:c-230:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"29B18F4E-4968-493A-BC90-5D8D7F619F39\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:arista:c-235_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"10.0.1-31\", \"matchCriteriaId\": \"96A0A5F0-B046-4B53-92BC-D21705B1597C\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:arista:c-235:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"54878C0D-8842-490F-B556-76AF47A65891\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:arista:c-200_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"11.0.0-36\", \"matchCriteriaId\": \"C62FEC63-9790-44DF-8AA0-050E89E883B1\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:arista:c-200:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8F81C550-CE6F-4E68-A088-5EC0CEF40600\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:intel:ax210_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"22.30.0.11\", \"matchCriteriaId\": \"1C073E29-FABA-4A07-A833-0E0A2CA5C9F4\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:intel:ax210:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F226D74C-4A48-4AC0-A565-A00D555E27D6\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:intel:ax201_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"22.30.0.11\", \"matchCriteriaId\": \"3A5420D2-2979-4BA7-8BF5-2F522CCE3C74\"}]}, {\"operator\": \"OR\", \"negate\": 
false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:intel:ax201:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4649D446-130B-4B31-B9ED-BA7F9F7EEB8F\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:intel:ax200_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"22.30.0.11\", \"matchCriteriaId\": \"7EC9FE51-D078-41C0-80DB-21820AD151C2\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:intel:ax200:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E9903E2E-A670-40D4-8B9F-D2C0CFDBFC9F\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:intel:ac_9560_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"22.30.0.11\", \"matchCriteriaId\": \"D239D907-FE04-4E02-B4BF-7F0A24CCC781\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:intel:ac_9560:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D382D4A1-C8FD-4B47-B2C4-145232EC8AC5\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:intel:ac_9462_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"22.30.0.11\", \"matchCriteriaId\": \"EDD21C53-CCBA-43FD-9DF7-A087705EC26E\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:intel:ac_9462:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6E89EB0D-233A-486A-BDAE-F5726432CD7E\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:intel:ac_9461_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"22.30.0.11\", \"matchCriteriaId\": \"19F30CC4-1D90-4298-BE72-307F8CD9C8E4\"}]}, {\"operator\": \"OR\", \"negate\": false, 
\"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:intel:ac_9461:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A11E55E8-5FA9-4ED7-AB61-03F22EE1759B\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:intel:ac_9260_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"22.30.0.11\", \"matchCriteriaId\": \"F8D25023-2C51-4186-BEE6-0C1096181C7C\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:intel:ac_9260:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C2795E42-D044-4D48-BCB2-61CC1A3471B1\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:intel:ac_8265_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"20.70.21.2\", \"matchCriteriaId\": \"1091737E-15B8-4F29-AFC7-DAB19B4736DB\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:intel:ac_8265:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C08E2F3E-C4B5-4227-A88D-C50E209A12CF\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:intel:ac_8260_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"20.70.21.2\", \"matchCriteriaId\": \"33EF2DC9-CD1E-43C1-88AF-9E83E2E4EC81\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:intel:ac_8260:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B5A8F30C-6BB7-4CC6-ADBE-1859DAF66C58\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:intel:ac_3168_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"19.51.33.1\", \"matchCriteriaId\": \"9F779EAF-1408-4994-9701-CE24AC5FB8A9\"}]}, {\"operator\": \"OR\", \"negate\": false, 
\"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:intel:ac_3168:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"ED5B2BCE-2D8A-440C-B866-76E035314022\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:intel:ac_7265_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"19.51.33.1\", \"matchCriteriaId\": \"FE6B04BC-69A8-469C-8364-F8CA6F5B09D2\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:intel:ac_7265:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8F9F1CE7-8F14-4526-A857-7B954EC4BB6F\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:intel:ac_3165_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"19.51.33.1\", \"matchCriteriaId\": \"42A7C347-86AF-4397-B227-C636D352CB87\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:intel:ac_3165:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"197A3DA1-B8EF-438F-B933-32253C43C8EE\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:intel:ax1675_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0DAB2B67-5C39-4438-8E36-3F740A697599\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:intel:ax1675:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3F407ACA-0952-4717-A302-2D5CEB6DB111\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:intel:ax1650_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B39FB813-1EC0-4B5C-B8CB-F5129DBF94C2\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": 
\"cpe:2.3:h:intel:ax1650:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E8B944F7-4A5F-41D0-A910-6F978F66CAA0\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:intel:ac_1550_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A66D96C8-7C0D-4615-B825-A15DBB37B920\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:intel:ac_1550:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"12419474-DB56-462D-9116-3614A4BBAF20\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"4.4\", \"versionEndExcluding\": \"4.4.271\", \"matchCriteriaId\": \"C2C083CF-3D4D-4AF0-8461-835F6AC264CC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"4.9\", \"versionEndExcluding\": \"4.9.271\", \"matchCriteriaId\": \"11580478-2F79-45B8-9BC0-FEF28259A4F5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"4.14\", \"versionEndExcluding\": \"4.14.235\", \"matchCriteriaId\": \"970E3D3C-8829-4599-95A7-AC63136CE48E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"4.19\", \"versionEndExcluding\": \"4.19.193\", \"matchCriteriaId\": \"FC7D3563-5878-403A-9BB7-6C44E6FE10A0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"5.4\", \"versionEndExcluding\": \"5.4.124\", \"matchCriteriaId\": \"01D49B11-5E8A-427F-B9BE-8A5174DEDD65\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"5.10\", \"versionEndExcluding\": \"5.10.42\", \"matchCriteriaId\": \"B39B1E70-2AF7-4482-9ADF-45A1C04A4BC3\"}, 
{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"5.12\", \"versionEndExcluding\": \"5.12.9\", \"matchCriteriaId\": \"3B1CFA77-6B5E-430C-AC49-3B3508F2D903\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn\u0027t require that received fragments be cleared from memory after (re)connecting to a network. Under the right circumstances, when another device sends fragmented frames encrypted using WEP, CCMP, or GCMP, this can be abused to inject arbitrary network packets and/or exfiltrate user data.\"}, {\"lang\": \"es\", \"value\": \"El est\\u00e1ndar 802.11 que sustenta a Wi-Fi Protected Access (WPA, WPA2, y WPA3) y Wired Equivalent Privacy (WEP) no requiere que los fragmentos recibidos se borren de la memoria despu\\u00e9s de (re)conectarse a una red.\u0026#xa0;En las circunstancias adecuadas, cuando otro dispositivo env\\u00eda tramas fragmentadas cifradas mediante WEP, CCMP o GCMP, se puede abusar de esto para inyectar paquetes de red arbitrarios y/o exfiltrar datos del usuario\"}]",
"id": "CVE-2020-24586",
"lastModified": "2024-11-21T05:15:03.803",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N\", \"baseScore\": 3.5, \"baseSeverity\": \"LOW\", \"attackVector\": \"ADJACENT_NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.1, \"impactScore\": 1.4}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:A/AC:M/Au:N/C:P/I:N/A:N\", \"baseScore\": 2.9, \"accessVector\": \"ADJACENT_NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"LOW\", \"exploitabilityScore\": 5.5, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
"published": "2021-05-11T20:15:08.537",
"references": "[{\"url\": \"http://www.openwall.com/lists/oss-security/2021/05/11/12\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.md\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/04/msg00002.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wifi-faf-22epcEWu\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.arista.com/en/support/advisories-notices/security-advisories/12602-security-advisory-63\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.fragattacks.com\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00473.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2021/05/11/12\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.md\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": 
\"https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/04/msg00002.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wifi-faf-22epcEWu\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.arista.com/en/support/advisories-notices/security-advisories/12602-security-advisory-63\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.fragattacks.com\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00473.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-Other\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2020-24586\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2021-05-11T20:15:08.537\",\"lastModified\":\"2024-11-21T05:15:03.803\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn\u0027t require that received fragments be cleared from memory after (re)connecting to a network. Under the right circumstances, when another device sends fragmented frames encrypted using WEP, CCMP, or GCMP, this can be abused to inject arbitrary network packets and/or exfiltrate user data.\"},{\"lang\":\"es\",\"value\":\"El est\u00e1ndar 802.11 que sustenta a Wi-Fi Protected Access (WPA, WPA2, y WPA3) y Wired Equivalent Privacy (WEP) no requiere que los fragmentos recibidos se borren de la memoria despu\u00e9s de (re)conectarse a una red.\u0026#xa0;En las circunstancias adecuadas, cuando otro dispositivo env\u00eda tramas fragmentadas cifradas mediante WEP, CCMP o GCMP, se puede abusar de esto para inyectar paquetes de red arbitrarios y/o exfiltrar datos del 
usuario\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N\",\"baseScore\":3.5,\"baseSeverity\":\"LOW\",\"attackVector\":\"ADJACENT_NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.1,\"impactScore\":1.4}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:A/AC:M/Au:N/C:P/I:N/A:N\",\"baseScore\":2.9,\"accessVector\":\"ADJACENT_NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":5.5,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ieee:ieee_802.11:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EA94FAA4-9BBF-402D-8B33-20A5E8AAFC5D\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:linux:mac80211:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"20B7EA3B-CCBA-4483-9BDD-DC8ED8689A22\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{
\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:arista:c-250_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"10.0.1-31\",\"matchCriteriaId\":\"B22D5837-A2CC-41AB-8252-1724345AEDC5\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:arista:c-250:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EE97F0AD-8658-476A-8E22-DA67A5FD9F73\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:arista:c-260_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"10.0.1-31\",\"matchCriteriaId\":\"4180BE58-3CA0-4FFD-B5BE-44E36FDE5F89\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:arista:c-260:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A006A8BD-D56E-40C2-ADD2-C11759153808\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:arista:c-230_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"10.0.1-31\",\"matchCriteriaId\":\"59BE4F3A-477A-4DE9-B293-F2AF2CCED9A3\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:arista:c-230:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"29B18F4E-4968-493A-BC90-5D8D7F619F39\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:arista:c-235_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"10.0.1-31\",\"matchCriteriaId\":\"96A0A5F0-B046-4B53-92BC-D21705B1597C\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:arista:c-235:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"54878C0D-8842-490F-B556-76AF47A65891\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:arista:c-200_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"11.0.0-36\",\
"matchCriteriaId\":\"C62FEC63-9790-44DF-8AA0-050E89E883B1\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:arista:c-200:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8F81C550-CE6F-4E68-A088-5EC0CEF40600\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:intel:ax210_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"22.30.0.11\",\"matchCriteriaId\":\"1C073E29-FABA-4A07-A833-0E0A2CA5C9F4\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:ax210:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F226D74C-4A48-4AC0-A565-A00D555E27D6\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:intel:ax201_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"22.30.0.11\",\"matchCriteriaId\":\"3A5420D2-2979-4BA7-8BF5-2F522CCE3C74\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:ax201:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4649D446-130B-4B31-B9ED-BA7F9F7EEB8F\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:intel:ax200_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"22.30.0.11\",\"matchCriteriaId\":\"7EC9FE51-D078-41C0-80DB-21820AD151C2\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:ax200:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E9903E2E-A670-40D4-8B9F-D2C0CFDBFC9F\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:intel:ac_9560_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"22.30.0.11\",\"matchCriteriaId\":\"D239D907-FE04-4E02-B4BF-7F0A24CCC781\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnera
ble\":false,\"criteria\":\"cpe:2.3:h:intel:ac_9560:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D382D4A1-C8FD-4B47-B2C4-145232EC8AC5\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:intel:ac_9462_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"22.30.0.11\",\"matchCriteriaId\":\"EDD21C53-CCBA-43FD-9DF7-A087705EC26E\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:ac_9462:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6E89EB0D-233A-486A-BDAE-F5726432CD7E\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:intel:ac_9461_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"22.30.0.11\",\"matchCriteriaId\":\"19F30CC4-1D90-4298-BE72-307F8CD9C8E4\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:ac_9461:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A11E55E8-5FA9-4ED7-AB61-03F22EE1759B\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:intel:ac_9260_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"22.30.0.11\",\"matchCriteriaId\":\"F8D25023-2C51-4186-BEE6-0C1096181C7C\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:ac_9260:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C2795E42-D044-4D48-BCB2-61CC1A3471B1\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:intel:ac_8265_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"20.70.21.2\",\"matchCriteriaId\":\"1091737E-15B8-4F29-AFC7-DAB19B4736DB\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:ac_8265:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C08E2F3E-C4B5-4227-A8
8D-C50E209A12CF\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:intel:ac_8260_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"20.70.21.2\",\"matchCriteriaId\":\"33EF2DC9-CD1E-43C1-88AF-9E83E2E4EC81\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:ac_8260:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B5A8F30C-6BB7-4CC6-ADBE-1859DAF66C58\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:intel:ac_3168_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"19.51.33.1\",\"matchCriteriaId\":\"9F779EAF-1408-4994-9701-CE24AC5FB8A9\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:ac_3168:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ED5B2BCE-2D8A-440C-B866-76E035314022\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:intel:ac_7265_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"19.51.33.1\",\"matchCriteriaId\":\"FE6B04BC-69A8-469C-8364-F8CA6F5B09D2\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:ac_7265:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8F9F1CE7-8F14-4526-A857-7B954EC4BB6F\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:intel:ac_3165_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"19.51.33.1\",\"matchCriteriaId\":\"42A7C347-86AF-4397-B227-C636D352CB87\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:ac_3165:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"197A3DA1-B8EF-438F-B933-32253C43C8EE\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"v
ulnerable\":true,\"criteria\":\"cpe:2.3:o:intel:ax1675_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0DAB2B67-5C39-4438-8E36-3F740A697599\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:ax1675:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3F407ACA-0952-4717-A302-2D5CEB6DB111\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:intel:ax1650_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B39FB813-1EC0-4B5C-B8CB-F5129DBF94C2\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:ax1650:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E8B944F7-4A5F-41D0-A910-6F978F66CAA0\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:intel:ac_1550_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A66D96C8-7C0D-4615-B825-A15DBB37B920\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:ac_1550:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"12419474-DB56-462D-9116-3614A4BBAF20\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.4\",\"versionEndExcluding\":\"4.4.271\",\"matchCriteriaId\":\"C2C083CF-3D4D-4AF0-8461-835F6AC264CC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.9\",\"versionEndExcluding\":\"4.9.271\",\"matchCriteriaId\":\"11580478-2F79-45B8-9BC0-FEF28259A4F5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.14\",\"versionEndExcluding\":\"4.14.235\",\"matchCriteriaId\":\"970E3D3C-8829-4599-95A7-AC63136CE48E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",
\"versionStartIncluding\":\"4.19\",\"versionEndExcluding\":\"4.19.193\",\"matchCriteriaId\":\"FC7D3563-5878-403A-9BB7-6C44E6FE10A0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.4\",\"versionEndExcluding\":\"5.4.124\",\"matchCriteriaId\":\"01D49B11-5E8A-427F-B9BE-8A5174DEDD65\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.10\",\"versionEndExcluding\":\"5.10.42\",\"matchCriteriaId\":\"B39B1E70-2AF7-4482-9ADF-45A1C04A4BC3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.12\",\"versionEndExcluding\":\"5.12.9\",\"matchCriteriaId\":\"3B1CFA77-6B5E-430C-AC49-3B3508F2D903\"}]}]}],\"references\":[{\"url\":\"http://www.openwall.com/lists/oss-security/2021/05/11/12\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.md\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/04/msg00002.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wifi-faf-22epcEWu\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.arista.com/en/support/advisories-notices/security-advisories/12602-security-advisory-63\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.fragattacks.com\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Third Party 
Advisory\"]},{\"url\":\"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00473.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2021/05/11/12\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.md\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/04/msg00002.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wifi-faf-22epcEWu\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.arista.com/en/support/advisories-notices/security-advisories/12602-security-advisory-63\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.fragattacks.com\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00473.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
}
}
CERTFR-2022-AVI-075
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits SonicWall. Elles permettent à un attaquant de provoquer une atteinte à l'intégrité des données et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
- SonicWall TZs TZ270W, TZ370W, TZ470W et TZ570W versions antérieures à 7.0.1-5024
- SonicWave APs GEN7/WNM 231o, 231c, 224w, 432o, 432e et 432i versions antérieures à 9.2.3.6_2
- SonicWave APs GEN6 UTM 231o, 231c, 224w, 432o, 432e et 432i versions antérieures à 9.2.3.0_49
- SOHO250W, pas de correctif proposé par l'éditeur
- SonicPoint APs ACe, ACi et N2, pas de correctif proposé par l'éditeur
- SonicWall TZs TZ300W et TZ400W, pas de correctif proposé par l'éditeur
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [],
"affected_systems_content": "\u003cul\u003e \u003cli\u003eSonicWall TZs TZ270W, TZ370W, TZ470W et TZ570W versions ant\u00e9rieures \u00e0 7.0.1-5024\u003c/li\u003e \u003cli\u003eSonicWave APs GEN7/WNM 231o, 231c, 224w, 432o, 432e et 432i versions ant\u00e9rieures \u00e0 9.2.3.6_2\u003c/li\u003e \u003cli\u003eSonicWave APs GEN6 UTM 231o, 231c, 224w, 432o, 432e et 432i versions ant\u00e9rieures \u00e0 9.2.3.0_49\u003c/li\u003e \u003c/ul\u003e \u003cul\u003e \u003cli\u003eSOHO250W, pas de correctif propos\u00e9 par l\u0027\u00e9diteur\u003c/li\u003e \u003cli\u003eSonicPoint APs ACe, ACi et N2, pas de correctif propos\u00e9 par l\u0027\u00e9diteur\u003c/li\u003e \u003cli\u003eSonicWall TZs TZ300W et TZ400W, pas de correctif propos\u00e9 par l\u0027\u00e9diteur\u003c/li\u003e \u003c/ul\u003e ",
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2020-24587",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-24587"
},
{
"name": "CVE-2020-26146",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26146"
},
{
"name": "CVE-2020-26143",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26143"
},
{
"name": "CVE-2020-24588",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-24588"
},
{
"name": "CVE-2020-26140",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26140"
},
{
"name": "CVE-2020-24586",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-24586"
},
{
"name": "CVE-2020-26147",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26147"
}
],
"links": [],
"reference": "CERTFR-2022-AVI-075",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-01-24T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSonicWall. Elles permettent \u00e0 un attaquant de provoquer une atteinte \u00e0\nl\u0027int\u00e9grit\u00e9 des donn\u00e9es et une atteinte \u00e0 la confidentialit\u00e9 des\ndonn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits SonicWall",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SonicWall SNWLID-2021-0015 du 21 janvier 2022",
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0015"
}
]
}
CERTFR-2022-AVI-706
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Belden. Elles permettent à un attaquant de provoquer un déni de service et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "BAT-C2 versions ant\u00e9rieures \u00e0 09.12.01.00R01",
"product": {
"name": "N/A",
"vendor": {
"name": "Belden",
"scada": true
}
}
},
{
"description": "OpenBAT, WLC, BAT450 versions ant\u00e9rieures \u00e0 10.12-RU6, 10.12-RU7",
"product": {
"name": "N/A",
"vendor": {
"name": "Belden",
"scada": true
}
}
},
{
"description": "EagleSDV versions ant\u00e9rieures \u00e0 05.4.02",
"product": {
"name": "N/A",
"vendor": {
"name": "Belden",
"scada": true
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2020-261471",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-261471"
},
{
"name": "CVE-2020-24587",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-24587"
},
{
"name": "CVE-2020-26146",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26146"
},
{
"name": "CVE-2020-24588",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-24588"
},
{
"name": "CVE-2020-24586",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-24586"
},
{
"name": "CVE-2020-26144",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26144"
},
{
"name": "CVE-2020-26142",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26142"
},
{
"name": "CVE-2020-26147",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26147"
},
{
"name": "CVE-2020-26145",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26145"
}
],
"links": [],
"reference": "CERTFR-2022-AVI-706",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-08-04T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nBelden. Elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service\net une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Belden",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Belden BSECV-2022-13 du 01 ao\u00fbt 2022",
"url": "https://dam.belden.com/dmm3bwsv3/assetstream.aspx?assetid=14662\u0026mediaformatid=50063\u0026destinationid=10016"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Belden BSECV-2021-16 du 01 ao\u00fbt 2022",
"url": "https://dam.belden.com/dmm3bwsv3/assetstream.aspx?assetid=14146\u0026mediaformatid=50063\u0026destinationid=10016"
}
]
}
CISCO-SA-WIFI-FAF-22EPCEWU
Vulnerability from csaf_cisco - Published: 2021-05-11 18:00 - Updated: 2021-12-15 15:47
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Cisco IP Phones with Multiplatform Firmware
Cisco
|
— |
Vendor Fix
fix
|
|
|
Cisco TelePresence Endpoint Software (TC/CE)
Cisco
|
— |
Vendor Fix
fix
|
|
|
Cisco Webex Room Phone
Cisco
|
— |
Vendor Fix
fix
|
|
|
Cisco Aironet Access Point Software (IOS XE Controller)
Cisco
|
— |
Vendor Fix
fix
|
|
|
Cisco Aironet Access Point Software
Cisco
|
— |
Vendor Fix
fix
|
|
|
Cisco Business Wireless Access Point Software
Cisco
|
— |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Cisco Aironet Access Point Software
Cisco
|
— |
Vendor Fix
fix
|
|
|
Cisco IP Phones with Multiplatform Firmware
Cisco
|
— |
Vendor Fix
fix
|
|
|
Cisco Business Wireless Access Point Software
Cisco
|
— |
Vendor Fix
fix
|
|
|
Cisco Webex Room Phone
Cisco
|
— |
Vendor Fix
fix
|
|
|
Cisco TelePresence Endpoint Software (TC/CE)
Cisco
|
— |
Vendor Fix
fix
|
|
|
Cisco Aironet Access Point Software (IOS XE Controller)
Cisco
|
— |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Cisco IP Phones with Multiplatform Firmware
Cisco
|
— |
Vendor Fix
fix
|
|
|
Cisco Webex Room Phone
Cisco
|
— |
Vendor Fix
fix
|
|
|
Cisco TelePresence Endpoint Software (TC/CE)
Cisco
|
— |
Vendor Fix
fix
|
|
|
Cisco Aironet Access Point Software
Cisco
|
— |
Vendor Fix
fix
|
|
|
Cisco Business Wireless Access Point Software
Cisco
|
— |
Vendor Fix
fix
|
|
|
Cisco Aironet Access Point Software (IOS XE Controller)
Cisco
|
— |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Cisco IP Phones with Multiplatform Firmware
Cisco
|
— |
Vendor Fix
fix
|
|
|
Cisco Webex Room Phone
Cisco
|
— |
Vendor Fix
fix
|
|
|
Cisco TelePresence Endpoint Software (TC/CE)
Cisco
|
— |
Vendor Fix
fix
|
|
|
Cisco Aironet Access Point Software
Cisco
|
— |
Vendor Fix
fix
|
|
|
Cisco Business Wireless Access Point Software
Cisco
|
— |
Vendor Fix
fix
|
|
|
Cisco Aironet Access Point Software (IOS XE Controller)
Cisco
|
— |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Cisco IP Phones with Multiplatform Firmware
Cisco
|
— |
Vendor Fix
fix
|
|
|
Cisco TelePresence Endpoint Software (TC/CE)
Cisco
|
— |
Vendor Fix
fix
|
|
|
Cisco Webex Room Phone
Cisco
|
— |
Vendor Fix
fix
|
|
|
Cisco Business Wireless Access Point Software
Cisco
|
— |
Vendor Fix
fix
|
|
|
Cisco Aironet Access Point Software
Cisco
|
— |
Vendor Fix
fix
|
|
|
Cisco Aironet Access Point Software (IOS XE Controller)
Cisco
|
— |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Cisco Business Wireless Access Point Software
Cisco
|
— |
Vendor Fix
fix
|
|
|
Cisco Aironet Access Point Software
Cisco
|
— |
Vendor Fix
fix
|
|
|
Cisco IP Phones with Multiplatform Firmware
Cisco
|
— |
Vendor Fix
fix
|
|
|
Cisco TelePresence Endpoint Software (TC/CE)
Cisco
|
— |
Vendor Fix
fix
|
|
|
Cisco Webex Room Phone
Cisco
|
— |
Vendor Fix
fix
|
|
|
Cisco Aironet Access Point Software (IOS XE Controller)
Cisco
|
— |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Cisco Aironet Access Point Software
Cisco
|
— |
Vendor Fix
fix
|
|
|
Cisco Business Wireless Access Point Software
Cisco
|
— |
Vendor Fix
fix
|
|
|
Cisco IP Phones with Multiplatform Firmware
Cisco
|
— |
Vendor Fix
fix
|
|
|
Cisco TelePresence Endpoint Software (TC/CE)
Cisco
|
— |
Vendor Fix
fix
|
|
|
Cisco Webex Room Phone
Cisco
|
— |
Vendor Fix
fix
|
|
|
Cisco Aironet Access Point Software (IOS XE Controller)
Cisco
|
— |
Vendor Fix
fix
|
{
"document": {
"acknowledgments": [
{
"summary": "These vulnerabilities were reported to Cisco by Dr. Mathy Vanhoef of New York University Abu Dhabi. Cisco would like to thank Dr. Vanhoef for his continued help and support during the handling of these vulnerabilities."
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"notes": [
{
"category": "summary",
"text": "On May 11, 2021, the research paper Fragment and Forge: Breaking Wi-Fi Through Frame Aggregation and Fragmentation was made public. This paper discusses 12 vulnerabilities in the 802.11 standard. One vulnerability is in the frame aggregation functionality, two vulnerabilities are in the frame fragmentation functionality, and the other nine are implementation vulnerabilities. These vulnerabilities could allow an attacker to forge encrypted frames, which could in turn enable the exfiltration of sensitive data from a targeted device.\r\n\r\nThis advisory will be updated as additional information becomes available.\r\n\r\n",
"title": "Summary"
},
{
"category": "general",
"text": "Cisco is investigating its product line to determine which products may be affected by these vulnerabilities. As the investigation progresses, Cisco will update this advisory with information about affected products.",
"title": "Affected Products"
},
{
"category": "general",
"text": "The following table lists Cisco products that are affected by the vulnerabilities that are described in this advisory. If a future release date is indicated for software, the date provided represents an estimate based on all information known to Cisco as of the Last Updated date at the top of the advisory. Availability dates are subject to change based on a number of factors, including satisfactory testing results and delivery of other priority features and fixes. If no version or date is listed for an affected component (indicated by a blank field and/or an advisory designation of Interim), Cisco is continuing to evaluate the fix and will update the advisory as additional information becomes available. After the advisory is marked Final, customers should refer to the associated Cisco bug(s) for further details.\r\n CVE ID Cisco Bug ID Fixed Release Availability [\"https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html#fixes\"] Aironet 1532 APs, AP803 Integrated AP on IR829 Industrial Integrated Services Routers CVE-2020-24586 CSCvy32690 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvy32690\"] 8.5MR8\r\n8.10MR6 CVE-2020-24587 CSCvy32690 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvy32690\"] 8.5MR8\r\n8.10MR6 CVE-2020-24588 CSCvy32690 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvy32690\"] 8.5MR8\r\n8.10MR6 CVE-2020-26139 Not affected N/A CVE-2020-26140 Not affected N/A CVE-2020-26141 Not affected N/A CVE-2020-26142 Not affected N/A CVE-2020-26143 Not affected N/A CVE-2020-26144 Not affected N/A CVE-2020-26145 Not affected N/A CVE-2020-26146 Not affected N/A CVE-2020-26147 Not affected N/A Aironet 1542 APs, Aironet 1810 APs, Aironet 1815 APs, Aironet 1832 APs, Aironet 1842 APs, Aironet 1852 APs, Aironet 1800i APs CVE-2020-24586 Not affected N/A CVE-2020-24587 CSCvx24420 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx24420\"] 8.5MR8\r\n8.10MR6\r\n16.12.6\r\n17.3.4\r\n17.6.1 CVE-2020-24588 
CSCvx24420 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx24420\"] 8.5MR8\r\n8.10MR6\r\n16.12.6\r\n17.3.4\r\n17.6.1 CVE-2020-26139 CSCvx24420 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx24420\"] 8.5MR8\r\n8.10MR6\r\n16.12.6\r\n17.3.4\r\n17.6.1 CVE-2020-26140 Not affected N/A CVE-2020-26141 Not affected N/A CVE-2020-26142 Not affected N/A CVE-2020-26143 Not affected N/A CVE-2020-26144 Not affected N/A CVE-2020-26145 CSCvx24420 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx24420\"] 8.5MR8\r\n8.10MR6\r\n16.12.6\r\n17.3.4\r\n17.6.1 CVE-2020-26146 CSCvx24420 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx24420\"] 8.5MR8\r\n8.10MR6\r\n16.12.6\r\n17.3.4\r\n17.6.1 CVE-2020-26147 Not affected N/A Aironet 1552 APs, Aironet 1552H APs, Aironet 1572 APs, Aironet 1702 APs, Aironet 2702 APs, Aironet 3702 APs, IW 3702 APs CVE-2020-24586 CSCvy32680 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvy32680\"] 8.5MR8\r\n8.10MR6\r\n16.12.6\r\n17.3.4 CVE-2020-24587 CSCvy32680 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvy32680\"] 8.5MR8\r\n8.10MR6\r\n16.12.6\r\n17.3.4 CVE-2020-24588 Not affected N/A CVE-2020-26139 Not affected N/A CVE-2020-26140 Not affected N/A CVE-2020-26141 Not affected N/A CVE-2020-26142 Not affected N/A CVE-2020-26143 Not affected N/A CVE-2020-26144 Not affected N/A CVE-2020-26145 Not affected N/A CVE-2020-26146 Not affected N/A CVE-2020-26147 Not affected N/A Aironet 1560 Series APs, Aironet 2800 Series APs, Aironet Series 3800 APs, Aironet Series 4800 APs, Catalyst IW 6300 APs, 6300 Series Embedded Services APs (ESW6300) CVE-2020-24586 CSCvx24449 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx24449\"] 8.5MR8\r\n8.10MR6\r\n16.12.6\r\n17.3.4\r\n17.6.1 CVE-2020-24587 CSCvx24449 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx24449\"] 8.5MR8\r\n8.10MR6\r\n16.12.6\r\n17.3.4\r\n17.6.1 CVE-2020-24588 Not affected N/A CVE-2020-26139 Not affected N/A CVE-2020-26140 CSCvy36698 
[\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvy36698\"] 8.5MR8\r\n8.10MR6\r\n16.12.6\r\n17.3.4\r\n17.6.1 CVE-2020-26141 Not affected N/A CVE-2020-26142 Not affected N/A CVE-2020-26143 CSCvy36698 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvy36698\"] 8.5MR8\r\n8.10MR6\r\n16.12.6\r\n17.3.4\r\n17.6.1 CVE-2020-26144 Not affected N/A CVE-2020-26145 Not affected N/A CVE-2020-26146 CSCvy36698 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvy36698\"] 8.5MR8\r\n8.10MR6\r\n16.12.6\r\n17.3.4\r\n17.6.1 CVE-2020-26147 CSCvy36698 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvy36698\"] 8.5MR8\r\n8.10MR6\r\n16.12.6\r\n17.3.4\r\n17.6.1 Catalyst 9105 APs, Catalyst 9115 APs, Catalyst 9120 APs, Integrated AP on 1100 Integrated Services Routers CVE-2020-24586 CSCvx24425 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx24425\"] 8.10MR6\r\n16.12.6\r\n17.3.4\r\n17.6.1 CVE-2020-24587 CSCvx24425 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx24425\"] 8.10MR6\r\n16.12.6\r\n17.3.4\r\n17.6.1 CVE-2020-24588 CSCvx24425 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx24425\"] 8.10MR6\r\n16.12.6\r\n17.3.4\r\n17.6.1 CVE-2020-26139 Not affected N/A CVE-2020-26140 Not affected N/A CVE-2020-26141 Not affected N/A CVE-2020-26142 Not affected N/A CVE-2020-26143 Not affected N/A CVE-2020-26144 Not affected N/A CVE-2020-26145 Not affected N/A CVE-2020-26146 Not affected N/A CVE-2020-26147 Not affected N/A Catalyst 9117 APs CVE-2020-24586 CSCvx24439 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx24439\"] 8.10MR6\r\n16.12.6\r\n17.3.4\r\n17.6.1 CVE-2020-24587 CSCvx24439 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx24439\"] 8.10MR6\r\n16.12.6\r\n17.3.4\r\n17.6.1 CVE-2020-24588 CSCvx24439 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx24439\"] 8.10MR6\r\n16.12.6\r\n17.3.4\r\n17.6.1 CVE-2020-26139 CSCvx24439 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx24439\"] 8.10MR6\r\n16.12.6\r\n17.3.4\r\n17.6.1 CVE-2020-26140 Not affected N/A 
CVE-2020-26141 Not affected N/A CVE-2020-26142 Not affected N/A CVE-2020-26143 Not affected N/A CVE-2020-26144 CSCvx24439 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx24439\"] 8.10MR6\r\n16.12.6\r\n17.3.4\r\n17.6.1 CVE-2020-26145 CSCvx24439 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx24439\"] 8.10MR6\r\n16.12.6\r\n17.3.4\r\n17.6.1 CVE-2020-26146 CSCvx24439 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx24439\"] 8.10MR6\r\n16.12.6\r\n17.3.4\r\n17.6.1 CVE-2020-26147 Not affected N/A Catalyst 9124 APs1, Catalyst 9130 APs CVE-2020-24586 CSCvx24428 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx24428\"]\r\nCSCvx24452 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx24452\"]\r\nCSCvx24456 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx24456\"] 8.10MR6\r\n16.12.6\r\n17.3.4\r\n17.6.1 CVE-2020-24587 CSCvx24428 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx24428\"]\r\nCSCvx24452 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx24452\"]\r\nCSCvx24456 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx24456\"] 8.10MR6\r\n16.12.6\r\n17.3.4\r\n17.6.1 CVE-2020-24588 CSCvx24428 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx24428\"]\r\nCSCvx24452 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx24452\"]\r\nCSCvx24456 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx24456\"] 8.10MR6\r\n16.12.6\r\n17.3.4\r\n17.6.1 CVE-2020-26139 CSCvx24428 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx24428\"]\r\nCSCvx24452 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx24452\"]\r\nCSCvx24456 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx24456\"] 8.10MR6\r\n16.12.6\r\n17.3.4\r\n17.6.1 CVE-2020-26140 Not affected N/A CVE-2020-26141 Not affected N/A CVE-2020-26142 Not affected N/A CVE-2020-26143 Not affected N/A CVE-2020-26144 CSCvx24428 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx24428\"]\r\nCSCvx24452 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx24452\"]\r\nCSCvx24456 
[\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx24456\"] 8.10MR6\r\n16.12.6\r\n17.3.4\r\n17.6.1 CVE-2020-26145 CSCvx24428 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx24428\"]\r\nCSCvx24452 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx24452\"]\r\nCSCvx24456 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx24456\"] 8.10MR6\r\n16.12.6\r\n17.3.4\r\n17.6.1 CVE-2020-26146 CSCvx24428 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx24428\"]\r\nCSCvx24452 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx24452\"]\r\nCSCvx24456 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx24456\"] 8.10MR6\r\n16.12.6\r\n17.3.4\r\n17.6.1 CVE-2020-26147 Not affected N/A 1. Catalyst 9124 APs were not supported until Release 17.5, and the fix will be available in Release 17.6.1 Meraki GR10, GR60, MR20, MR30H, MR33, MR36, MR42, MR42E, MR44, MR45, MR46, MR46E, MR52, MR53, MR53E, MR55, MR56, MR70, MR74, MR76, MR84, MR86 CVE-2020-24586 No bug ID MR 27.7.1 CVE-2020-24587 No bug ID MR 27.7.1 CVE-2020-24588 No bug ID MR 27.7.1 CVE-2020-26139 No bug ID MR 27.7.1 CVE-2020-26140 No bug ID MR 27.7.1 CVE-2020-26141 No bug ID MR 27.7.1 CVE-2020-26142 No bug ID MR 27.7.1 CVE-2020-26143 No bug ID MR 27.7.1 CVE-2020-26144 No bug ID MR 27.7.1 CVE-2020-26145 No bug ID MR 27.7.1 CVE-2020-26146 No bug ID MR 27.7.1 CVE-2020-26147 No bug ID MR 27.7.1 Meraki MR12, MR18, MR26, MR32, MR34, MR62, MR66, MR72 CVE-2020-24586 No bug ID MR 26.8.3 CVE-2020-24587 No bug ID MR 26.8.3 CVE-2020-24588 No bug ID MR 26.8.3 CVE-2020-26139 No bug ID MR 26.8.3 CVE-2020-26140 No bug ID MR 26.8.3 CVE-2020-26141 No bug ID MR 26.8.3 CVE-2020-26142 No bug ID MR 26.8.3 CVE-2020-26143 No bug ID MR 26.8.3 CVE-2020-26144 No bug ID MR 26.8.3 CVE-2020-26145 No bug ID MR 26.8.3 CVE-2020-26146 No bug ID MR 26.8.3 CVE-2020-26147 No bug ID MR 26.8.3 Meraki MX64W, MX65W, MX67W, MX67CW, MX68W, MX68CW, Z3, Z3C1 CVE-2020-24586 No bug ID MX 17.0 CVE-2020-24587 No bug ID MX 17.0 CVE-2020-24588 No bug ID MX 
17.0 CVE-2020-26139 No bug ID MX 17.0 CVE-2020-26140 No bug ID MX 17.0 CVE-2020-26141 No bug ID MX 17.0 CVE-2020-26142 No bug ID MX 17.0 CVE-2020-26143 No bug ID MX 17.0 CVE-2020-26144 No bug ID MX 17.0 CVE-2020-26145 No bug ID MX 17.0 CVE-2020-26146 No bug ID MX 17.0 CVE-2020-26147 No bug ID MX 17.0 1. Cisco will not fix these vulnerabilities in the following Cisco Meraki products: MX60W and Z1 IP Phone 8861, IP Phone 8865, and IP Conference Phone 8832 CVE-2020-24586 CSCvx60997 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx60997\"] 14.1(1) CVE-2020-24587 CSCvx60997 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx60997\"] 14.1(1) CVE-2020-24588 CSCvx60997 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx60997\"] 14.1(1) CVE-2020-26139 CSCvx60997 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx60997\"] 14.1(1) CVE-2020-26140 CSCvx60997 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx60997\"] 14.1(1) CVE-2020-26141 CSCvx60997 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx60997\"] 14.1(1) CVE-2020-26142 CSCvx60997 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx60997\"] 14.1(1) CVE-2020-26143 CSCvx60997 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx60997\"] 14.1(1) CVE-2020-26144 CSCvx60997 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx60997\"] 14.1(1) CVE-2020-26145 CSCvx60997 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx60997\"] 14.1(1) CVE-2020-26146 CSCvx60997 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx60997\"] 14.1(1) CVE-2020-26147 CSCvx60997 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx60997\"] 14.1(1) IP Phone 6861 and IP Phone 8861 Running Third-Party Call Control (3PCC) Software CVE-2020-24586 CSCvx61001 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx61001\"] 11.3(5) CVE-2020-24587 CSCvx61001 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx61001\"] 11.3(5) CVE-2020-24588 CSCvx61001 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx61001\"] 11.3(5) 
CVE-2020-26139 CSCvx61001 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx61001\"] 11.3(5) CVE-2020-26140 CSCvx61001 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx61001\"] 11.3(5) CVE-2020-26141 CSCvx61001 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx61001\"] 11.3(5) CVE-2020-26142 CSCvx61001 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx61001\"] 11.3(5) CVE-2020-26143 CSCvx61001 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx61001\"] 11.3(5) CVE-2020-26144 CSCvx61001 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx61001\"] 11.3(5) CVE-2020-26145 CSCvx61001 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx61001\"] 11.3(5) CVE-2020-26146 CSCvx61001 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx61001\"] 11.3(5) CVE-2020-26147 CSCvx61001 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx61001\"] 11.3(5) Wireless IP Phone 8821 CVE-2020-24586 CSCvx61012 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx61012\"] 11.0(6)SR2 CVE-2020-24587 CSCvx61012 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx61012\"] 11.0(6)SR2 CVE-2020-24588 CSCvx61012 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx61012\"] 11.0(6)SR2 CVE-2020-26139 CSCvx61012 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx61012\"] 11.0(6)SR2 CVE-2020-26140 CSCvx61012 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx61012\"] 11.0(6)SR2 CVE-2020-26141 CSCvx61012 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx61012\"] 11.0(6)SR2 CVE-2020-26142 CSCvx61012 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx61012\"] 11.0(6)SR2 CVE-2020-26143 CSCvx61012 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx61012\"] 11.0(6)SR2 CVE-2020-26144 CSCvx61012 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx61012\"] 11.0(6)SR2 CVE-2020-26145 CSCvx61012 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx61012\"] 11.0(6)SR2 CVE-2020-26146 CSCvx61012 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx61012\"] 11.0(6)SR2 
CVE-2020-26147 CSCvx61012 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx61012\"] 11.0(6)SR2 Webex Desk Series and Webex Room Series CVE-2020-24586 CSCvx89821 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx89821\"] 1.2(0)SR1 CVE-2020-24587 CSCvx89821 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx89821\"] 1.2(0)SR1 CVE-2020-24588 CSCvx89821 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx89821\"] 1.2(0)SR1 CVE-2020-26139 CSCvx89821 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx89821\"] 1.2(0)SR1 CVE-2020-26140 CSCvx89821 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx89821\"] 1.2(0)SR1 CVE-2020-26141 CSCvx89821 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx89821\"] 1.2(0)SR1 CVE-2020-26142 CSCvx89821 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx89821\"] 1.2(0)SR1 CVE-2020-26143 CSCvx89821 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx89821\"] 1.2(0)SR1 CVE-2020-26144 CSCvx89821 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx89821\"] 1.2(0)SR1 CVE-2020-26145 CSCvx89821 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx89821\"] 1.2(0)SR1 CVE-2020-26146 CSCvx89821 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx89821\"] 1.2(0)SR1 CVE-2020-26147 CSCvx89821 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx89821\"] 1.2(0)SR1 Webex Board Series CVE-2020-24586 CSCvx61020 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx61020\"] 10.8.2.5 CVE-2020-24587 CSCvx61020 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx61020\"] 10.8.2.5 CVE-2020-24588 CSCvx61020 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx61020\"] 10.8.2.5 CVE-2020-26139 CSCvx61020 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx61020\"] 10.8.2.5 CVE-2020-26140 CSCvx61020 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx61020\"] 10.8.2.5 CVE-2020-26141 CSCvx61020 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx61020\"] 10.8.2.5 CVE-2020-26142 CSCvx61020 
[\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx61020\"] 10.8.2.5 CVE-2020-26143 CSCvx61020 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx61020\"] 10.8.2.5 CVE-2020-26144 CSCvx61020 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx61020\"] 10.8.2.5 CVE-2020-26145 CSCvx61020 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx61020\"] 10.8.2.5 CVE-2020-26146 CSCvx61020 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx61020\"] 10.8.2.5 CVE-2020-26147 CSCvx61020 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx61020\"] 10.8.2.5 Webex Wireless Phone 840 and 860 CVE-2020-24586 CSCvx62886 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx62886\"] 1.4(0) CVE-2020-24587 CSCvx62886 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx62886\"] 1.4(0) CVE-2020-24588 CSCvx62886 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx62886\"] 1.4(0) CVE-2020-26139 CSCvx62886 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx62886\"] 1.4(0) CVE-2020-26140 CSCvx62886 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx62886\"] 1.4(0) CVE-2020-26141 CSCvx62886 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx62886\"] 1.4(0) CVE-2020-26142 CSCvx62886 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx62886\"] 1.4(0) CVE-2020-26143 CSCvx62886 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx62886\"] 1.4(0) CVE-2020-26144 CSCvx62886 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx62886\"] 1.4(0) CVE-2020-26145 CSCvx62886 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx62886\"] 1.4(0) CVE-2020-26146 CSCvx62886 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx62886\"] 1.4(0) CVE-2020-26147 CSCvx62886 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx62886\"] 1.4(0)",
"title": "Vulnerable Products"
},
{
"category": "general",
"text": "Only products listed in the Vulnerable Products [\"#vp\"] section of this advisory are known to be affected by this vulnerability.",
"title": "Products Confirmed Not Vulnerable"
},
{
"category": "general",
"text": "The vulnerabilities are not dependent on one another. Exploitation of one of the vulnerabilities is not required to exploit another vulnerability. In addition, a software release that is affected by one of the vulnerabilities may not be affected by the other vulnerabilities.\r\n\r\nFor a description of the following vulnerabilities, see Fragment and Forge: Breaking Wi-Fi Through Frame Aggregation and Fragmentation [\"https://papers.mathyvanhoef.com/usenix2021.pdf\"].\r\n\r\nFor additional information, see FragAttacks [\"https://fragattacks.com/\"].\r\n\r\nCVE-2020-26140: Accepting plaintext data frames in a protected network\r\n\r\nSecurity Impact Rating (SIR): Medium\r\nCVSS Base Score: 6.5\r\nCVSS Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\r\n\r\nCVE-2020-26143: Accepting fragmented plaintext data frames in a protected network\r\n\r\nSecurity Impact Rating (SIR): Medium\r\nCVSS Base Score: 6.5\r\nCVSS Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\r\n\r\nCVE-2020-26144: Accepting plaintext A-MSDU frames that start with an RFC1042 header with EtherType EAPOL (in an encrypted network)\r\n\r\nSecurity Impact Rating (SIR): Medium\r\nCVSS Base Score: 6.5\r\nCVSS Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\r\n\r\nCVE-2020-26145: Accepting plaintext broadcast fragments as full frames (in an encrypted network)\r\n\r\nSecurity Impact Rating (SIR): Medium\r\nCVSS Base Score: 6.5\r\nCVSS Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\r\n\r\nCVE-2020-24586: Not clearing fragments from memory when (re)connecting to a network\r\n\r\nSecurity Impact Rating (SIR): Medium\r\nCVSS Base Score: 5.7\r\nCVSS Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N\r\n\r\nCVE-2020-24588: Accepting non-SPP A-MSDU frames\r\n\r\nSecurity Impact Rating (SIR): Medium\r\nCVSS Base Score: 5.7\r\nCVSS Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N\r\n\r\nCVE-2020-26139: Forwarding EAPOL frames even though the sender is not yet 
authenticated\r\n\r\nSecurity Impact Rating (SIR): Medium\r\nCVSS Base Score: 5.7\r\nCVSS Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L\r\n\r\nCVE-2020-26141: Not verifying the TKIP MIC of fragmented frames\r\n\r\nSecurity Impact Rating (SIR): Medium\r\nCVSS Base Score: 5.7\r\nCVSS Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N\r\n\r\nCVE-2020-26142: Processing fragmented frames as full frames\r\n\r\nSecurity Impact Rating (SIR): Medium\r\nCVSS Base Score: 5.7\r\nCVSS Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N\r\n\r\nCVE-2020-24587: Reassembling fragments encrypted under different keys\r\n\r\nSecurity Impact Rating (SIR): Medium\r\nCVSS Base Score: 4.8\r\nCVSS Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N\r\n\r\nCVE-2020-26146: Reassembling encrypted fragments with non-consecutive packet numbers\r\n\r\nSecurity Impact Rating (SIR): Medium\r\nCVSS Base Score: 4.8\r\nCVSS Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N\r\n\r\nCVE-2020-26147: Reassembling mixed encrypted/plaintext fragments\r\n\r\nSecurity Impact Rating (SIR): Medium\r\nCVSS Base Score: 4.8\r\nCVSS Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N",
"title": "Details"
},
{
"category": "general",
"text": "There are no workarounds that address these vulnerabilities.",
"title": "Workarounds"
},
{
"category": "general",
"text": "For information about fixed software releases [\"https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html#fixes\"], consult the Cisco bugs identified in the Vulnerable Products [\"#vp\"] section of this advisory.\r\n\r\nWhen considering software upgrades [\"https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html#fixes\"], customers are advised to regularly consult the advisories for Cisco products, which are available from the Cisco Security Advisories page [\"https://www.cisco.com/go/psirt\"], to determine exposure and a complete upgrade solution.\r\n\r\nIn all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers.",
"title": "Fixed Software"
},
{
"category": "general",
"text": "To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy [\"https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html\"]. This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco.",
"title": "Vulnerability Policy"
},
{
"category": "general",
"text": "The Cisco Product Security Incident Response Team (PSIRT) is aware that proof-of-concept exploit code is available for the vulnerabilities that are described in this advisory.\r\n\r\nThe Cisco PSIRT is not aware of any malicious use of the vulnerabilities that are described in this advisory.",
"title": "Exploitation and Public Announcements"
},
{
"category": "general",
"text": "These vulnerabilities were reported to Cisco by Dr. Mathy Vanhoef of New York University Abu Dhabi. Cisco would like to thank Dr. Vanhoef for his continued help and support during the handling of these vulnerabilities.",
"title": "Source"
},
{
"category": "legal_disclaimer",
"text": "THIS DOCUMENT IS PROVIDED ON AN \"AS IS\" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.\r\n\r\nA standalone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy and may lack important information or contain factual errors. The information in this document is intended for end users of Cisco products.",
"title": "Legal Disclaimer"
}
],
"publisher": {
"category": "vendor",
"contact_details": "psirt@cisco.com",
"issuing_authority": "Cisco PSIRT",
"name": "Cisco",
"namespace": "https://wwww.cisco.com"
},
"references": [
{
"category": "self",
"summary": "Multiple Vulnerabilities in Frame Aggregation and Fragmentation Implementations of 802.11 Specification Affecting Cisco Products: May 2021",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wifi-faf-22epcEWu"
},
{
"category": "external",
"summary": "Cisco Security Vulnerability Policy",
"url": "https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html"
},
{
"category": "external",
"summary": "Fixed Release Availability",
"url": "https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html#fixes"
},
{
"category": "external",
"summary": "CSCvy32690",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvy32690"
},
{
"category": "external",
"summary": "CSCvx24420",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx24420"
},
{
"category": "external",
"summary": "CSCvy32680",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvy32680"
},
{
"category": "external",
"summary": "CSCvx24449",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx24449"
},
{
"category": "external",
"summary": "CSCvy36698",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvy36698"
},
{
"category": "external",
"summary": "CSCvx24425",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx24425"
},
{
"category": "external",
"summary": "CSCvx24439",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx24439"
},
{
"category": "external",
"summary": "CSCvx24428",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx24428"
},
{
"category": "external",
"summary": "CSCvx24452",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx24452"
},
{
"category": "external",
"summary": "CSCvx24456",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx24456"
},
{
"category": "external",
"summary": "CSCvx60997",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx60997"
},
{
"category": "external",
"summary": "CSCvx61001",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx61001"
},
{
"category": "external",
"summary": "CSCvx61012",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx61012"
},
{
"category": "external",
"summary": "CSCvx89821",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx89821"
},
{
"category": "external",
"summary": "CSCvx61020",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx61020"
},
{
"category": "external",
"summary": "CSCvx62886",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx62886"
},
{
"category": "external",
"summary": "Fragment and Forge: Breaking Wi-Fi Through Frame Aggregation and Fragmentation",
"url": "https://papers.mathyvanhoef.com/usenix2021.pdf"
},
{
"category": "external",
"summary": "FragAttacks",
"url": "https://fragattacks.com/"
},
{
"category": "external",
"summary": "Cisco Security Advisories page",
"url": "https://www.cisco.com/go/psirt"
}
],
"title": "Multiple Vulnerabilities in Frame Aggregation and Fragmentation Implementations of 802.11 Specification Affecting Cisco Products: May 2021",
"tracking": {
"current_release_date": "2021-12-15T15:47:26+00:00",
"generator": {
"date": "2024-05-10T23:04:25+00:00",
"engine": {
"name": "TVCE"
}
},
"id": "cisco-sa-wifi-faf-22epcEWu",
"initial_release_date": "2021-05-11T18:00:00+00:00",
"revision_history": [
{
"date": "2021-05-10T16:33:53+00:00",
"number": "1.0.0",
"summary": "Initial public release."
},
{
"date": "2021-05-11T21:59:40+00:00",
"number": "1.1.0",
"summary": "Updated affected Meraki MR products."
},
{
"date": "2021-05-14T20:43:24+00:00",
"number": "1.2.0",
"summary": "Added additional affected products."
},
{
"date": "2021-05-17T17:42:47+00:00",
"number": "1.3.0",
"summary": "Added additional affected products."
},
{
"date": "2021-05-19T20:50:42+00:00",
"number": "1.4.0",
"summary": "Added additional fixed releases."
},
{
"date": "2021-06-02T20:48:21+00:00",
"number": "1.5.0",
"summary": "Update affected products."
},
{
"date": "2021-07-13T18:42:53+00:00",
"number": "1.6.0",
"summary": "Added additional fixed releases for Meraki products."
},
{
"date": "2021-08-30T19:06:07+00:00",
"number": "1.7.0",
"summary": "Updated fixed release details for multiple products."
},
{
"date": "2021-10-05T14:54:59+00:00",
"number": "1.8.0",
"summary": "Updated fixed release details for Aironet 1532/AP803 products."
},
{
"date": "2021-12-15T15:47:26+00:00",
"number": "1.9.0",
"summary": "Updated fixed releases."
}
],
"status": "final",
"version": "1.9.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_family",
"name": "Cisco Aironet Access Point Software",
"product": {
"name": "Cisco Aironet Access Point Software ",
"product_id": "CSAFPID-190024"
}
},
{
"category": "product_family",
"name": "Cisco IP Phones with Multiplatform Firmware",
"product": {
"name": "Cisco IP Phones with Multiplatform Firmware ",
"product_id": "CSAFPID-277607"
}
},
{
"category": "product_family",
"name": "Cisco TelePresence Endpoint Software (TC/CE)",
"product": {
"name": "Cisco TelePresence Endpoint Software (TC/CE) ",
"product_id": "CSAFPID-278404"
}
},
{
"category": "product_family",
"name": "Cisco Webex Room Phone",
"product": {
"name": "Cisco Webex Room Phone ",
"product_id": "CSAFPID-278888"
}
},
{
"category": "product_family",
"name": "Cisco Business Wireless Access Point Software",
"product": {
"name": "Cisco Business Wireless Access Point Software ",
"product_id": "CSAFPID-280012"
}
},
{
"category": "product_family",
"name": "Cisco Aironet Access Point Software (IOS XE Controller)",
"product": {
"name": "Cisco Aironet Access Point Software (IOS XE Controller) ",
"product_id": "CSAFPID-280019"
}
}
],
"category": "vendor",
"name": "Cisco"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-26144",
"ids": [
{
"system_name": "Cisco Bug ID",
"text": "CSCvx62884"
},
{
"system_name": "Cisco Bug ID",
"text": "CSCvx62876"
},
{
"system_name": "Cisco Bug ID",
"text": "CSCvx89821"
},
{
"system_name": "Cisco Bug ID",
"text": "CSCvx62886"
},
{
"system_name": "Cisco Bug ID",
"text": "CSCvx24452"
},
{
"system_name": "Cisco Bug ID",
"text": "CSCvx24428"
},
{
"system_name": "Cisco Bug ID",
"text": "CSCvx24439"
},
{
"system_name": "Cisco Bug ID",
"text": "CSCvx24456"
}
],
"notes": [
{
"category": "other",
"text": "Complete.",
"title": "Affected Product Comprehensiveness"
}
],
"product_status": {
"known_affected": [
"CSAFPID-277607",
"CSAFPID-278404",
"CSAFPID-278888",
"CSAFPID-280019",
"CSAFPID-190024",
"CSAFPID-280012"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Cisco has released software updates that address this vulnerability.",
"product_ids": [
"CSAFPID-278404",
"CSAFPID-190024",
"CSAFPID-280012",
"CSAFPID-280019",
"CSAFPID-278888",
"CSAFPID-277607"
],
"url": "https://software.cisco.com"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-277607",
"CSAFPID-278404",
"CSAFPID-278888"
]
}
],
"title": "vuln-CVE-2020-26144"
},
{
"cve": "CVE-2020-26141",
"ids": [
{
"system_name": "Cisco Bug ID",
"text": "CSCvx62884"
},
{
"system_name": "Cisco Bug ID",
"text": "CSCvx62876"
},
{
"system_name": "Cisco Bug ID",
"text": "CSCvx89821"
},
{
"system_name": "Cisco Bug ID",
"text": "CSCvx62886"
}
],
"notes": [
{
"category": "other",
"text": "Complete.",
"title": "Affected Product Comprehensiveness"
}
],
"product_status": {
"known_affected": [
"CSAFPID-277607",
"CSAFPID-278404",
"CSAFPID-278888"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Cisco has released software updates that address this vulnerability.",
"product_ids": [
"CSAFPID-278404",
"CSAFPID-278888",
"CSAFPID-277607"
],
"url": "https://software.cisco.com"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-277607",
"CSAFPID-278404",
"CSAFPID-278888"
]
}
],
"title": "vuln-CVE-2020-26141"
},
{
"cve": "CVE-2020-26146",
"ids": [
{
"system_name": "Cisco Bug ID",
"text": "CSCvx24420"
},
{
"system_name": "Cisco Bug ID",
"text": "CSCvx24425"
},
{
"system_name": "Cisco Bug ID",
"text": "CSCvx24439"
},
{
"system_name": "Cisco Bug ID",
"text": "CSCvx24441"
},
{
"system_name": "Cisco Bug ID",
"text": "CSCvx24440"
},
{
"system_name": "Cisco Bug ID",
"text": "CSCvx24449"
},
{
"system_name": "Cisco Bug ID",
"text": "CSCvy32694"
},
{
"system_name": "Cisco Bug ID",
"text": "CSCvx62884"
},
{
"system_name": "Cisco Bug ID",
"text": "CSCvx62876"
},
{
"system_name": "Cisco Bug ID",
"text": "CSCvx62886"
},
{
"system_name": "Cisco Bug ID",
"text": "CSCvx89821"
}
],
"notes": [
{
"category": "other",
"text": "Complete.",
"title": "Affected Product Comprehensiveness"
}
],
"product_status": {
"known_affected": [
"CSAFPID-190024",
"CSAFPID-277607",
"CSAFPID-280012",
"CSAFPID-278888",
"CSAFPID-278404",
"CSAFPID-280019"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Cisco has released software updates that address this vulnerability.",
"product_ids": [
"CSAFPID-278404",
"CSAFPID-190024",
"CSAFPID-280012",
"CSAFPID-280019",
"CSAFPID-278888",
"CSAFPID-277607"
],
"url": "https://software.cisco.com"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-190024",
"CSAFPID-277607",
"CSAFPID-280012",
"CSAFPID-278888",
"CSAFPID-278404"
]
}
],
"title": "vuln-CVE-2020-26146"
},
{
"cve": "CVE-2020-26147",
"ids": [
{
"system_name": "Cisco Bug ID",
"text": "CSCvx62884"
},
{
"system_name": "Cisco Bug ID",
"text": "CSCvx62876"
},
{
"system_name": "Cisco Bug ID",
"text": "CSCvx89821"
},
{
"system_name": "Cisco Bug ID",
"text": "CSCvx62886"
}
],
"notes": [
{
"category": "other",
"text": "Complete.",
"title": "Affected Product Comprehensiveness"
}
],
"product_status": {
"known_affected": [
"CSAFPID-277607",
"CSAFPID-278404",
"CSAFPID-278888"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Cisco has released software updates that address this vulnerability.",
"product_ids": [
"CSAFPID-278404",
"CSAFPID-278888",
"CSAFPID-277607"
],
"url": "https://software.cisco.com"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-277607",
"CSAFPID-278404",
"CSAFPID-278888"
]
}
],
"title": "vuln-CVE-2020-26147"
},
{
"cve": "CVE-2020-26140",
"ids": [
{
"system_name": "Cisco Bug ID",
"text": "CSCvx62884"
},
{
"system_name": "Cisco Bug ID",
"text": "CSCvx62876"
},
{
"system_name": "Cisco Bug ID",
"text": "CSCvx89821"
},
{
"system_name": "Cisco Bug ID",
"text": "CSCvx62886"
}
],
"notes": [
{
"category": "other",
"text": "Complete.",
"title": "Affected Product Comprehensiveness"
}
],
"product_status": {
"known_affected": [
"CSAFPID-277607",
"CSAFPID-278404",
"CSAFPID-278888"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Cisco has released software updates that address this vulnerability.",
"product_ids": [
"CSAFPID-278404",
"CSAFPID-278888",
"CSAFPID-277607"
],
"url": "https://software.cisco.com"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-277607",
"CSAFPID-278404",
"CSAFPID-278888"
]
}
],
"title": "vuln-CVE-2020-26140"
},
{
"cve": "CVE-2020-26142",
"ids": [
{
"system_name": "Cisco Bug ID",
"text": "CSCvx62884"
},
{
"system_name": "Cisco Bug ID",
"text": "CSCvx62876"
},
{
"system_name": "Cisco Bug ID",
"text": "CSCvx89821"
},
{
"system_name": "Cisco Bug ID",
"text": "CSCvx62886"
}
],
"notes": [
{
"category": "other",
"text": "Complete.",
"title": "Affected Product Comprehensiveness"
}
],
"product_status": {
"known_affected": [
"CSAFPID-277607",
"CSAFPID-278404",
"CSAFPID-278888"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Cisco has released software updates that address this vulnerability.",
"product_ids": [
"CSAFPID-278404",
"CSAFPID-278888",
"CSAFPID-277607"
],
"url": "https://software.cisco.com"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-277607",
"CSAFPID-278404",
"CSAFPID-278888"
]
}
],
"title": "vuln-CVE-2020-26142"
},
{
"cve": "CVE-2020-26143",
"ids": [
{
"system_name": "Cisco Bug ID",
"text": "CSCvx62884"
},
{
"system_name": "Cisco Bug ID",
"text": "CSCvx62876"
},
{
"system_name": "Cisco Bug ID",
"text": "CSCvx62886"
},
{
"system_name": "Cisco Bug ID",
"text": "CSCvx89821"
}
],
"notes": [
{
"category": "other",
"text": "Complete.",
"title": "Affected Product Comprehensiveness"
}
],
"product_status": {
"known_affected": [
"CSAFPID-277607",
"CSAFPID-278888",
"CSAFPID-278404"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Cisco has released software updates that address this vulnerability.",
"product_ids": [
"CSAFPID-278404",
"CSAFPID-278888",
"CSAFPID-277607"
],
"url": "https://software.cisco.com"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-277607",
"CSAFPID-278888",
"CSAFPID-278404"
]
}
],
"title": "vuln-CVE-2020-26143"
},
{
"cve": "CVE-2020-26145",
"ids": [
{
"system_name": "Cisco Bug ID",
"text": "CSCvx62884"
},
{
"system_name": "Cisco Bug ID",
"text": "CSCvx62876"
},
{
"system_name": "Cisco Bug ID",
"text": "CSCvx62886"
},
{
"system_name": "Cisco Bug ID",
"text": "CSCvx89821"
},
{
"system_name": "Cisco Bug ID",
"text": "CSCvx24420"
},
{
"system_name": "Cisco Bug ID",
"text": "CSCvx24428"
},
{
"system_name": "Cisco Bug ID",
"text": "CSCvx24439"
},
{
"system_name": "Cisco Bug ID",
"text": "CSCvx24456"
},
{
"system_name": "Cisco Bug ID",
"text": "CSCvx24452"
}
],
"notes": [
{
"category": "other",
"text": "Complete.",
"title": "Affected Product Comprehensiveness"
}
],
"product_status": {
"known_affected": [
"CSAFPID-277607",
"CSAFPID-278888",
"CSAFPID-278404",
"CSAFPID-190024",
"CSAFPID-280012",
"CSAFPID-280019"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Cisco has released software updates that address this vulnerability.",
"product_ids": [
"CSAFPID-278404",
"CSAFPID-190024",
"CSAFPID-280012",
"CSAFPID-280019",
"CSAFPID-278888",
"CSAFPID-277607"
],
"url": "https://software.cisco.com"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-277607",
"CSAFPID-278888",
"CSAFPID-278404"
]
}
],
"title": "vuln-CVE-2020-26145"
},
{
"cve": "CVE-2020-26139",
"ids": [
{
"system_name": "Cisco Bug ID",
"text": "CSCvx62884"
},
{
"system_name": "Cisco Bug ID",
"text": "CSCvx62876"
},
{
"system_name": "Cisco Bug ID",
"text": "CSCvx62886"
},
{
"system_name": "Cisco Bug ID",
"text": "CSCvx89821"
},
{
"system_name": "Cisco Bug ID",
"text": "CSCvx24420"
},
{
"system_name": "Cisco Bug ID",
"text": "CSCvx24428"
},
{
"system_name": "Cisco Bug ID",
"text": "CSCvx24439"
},
{
"system_name": "Cisco Bug ID",
"text": "CSCvx24456"
},
{
"system_name": "Cisco Bug ID",
"text": "CSCvx24452"
}
],
"notes": [
{
"category": "other",
"text": "Complete.",
"title": "Affected Product Comprehensiveness"
}
],
"product_status": {
"known_affected": [
"CSAFPID-277607",
"CSAFPID-278888",
"CSAFPID-278404",
"CSAFPID-190024",
"CSAFPID-280012",
"CSAFPID-280019"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Cisco has released software updates that address this vulnerability.",
"product_ids": [
"CSAFPID-278404",
"CSAFPID-190024",
"CSAFPID-280012",
"CSAFPID-280019",
"CSAFPID-278888",
"CSAFPID-277607"
],
"url": "https://software.cisco.com"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-277607",
"CSAFPID-278888",
"CSAFPID-278404"
]
}
],
"title": "Forwarding EAPOL frames even though the sender is not yet authenticated"
},
{
"cve": "CVE-2020-24587",
"ids": [
{
"system_name": "Cisco Bug ID",
"text": "CSCvx62884"
},
{
"system_name": "Cisco Bug ID",
"text": "CSCvx62876"
},
{
"system_name": "Cisco Bug ID",
"text": "CSCvx89821"
},
{
"system_name": "Cisco Bug ID",
"text": "CSCvx62886"
},
{
"system_name": "Cisco Bug ID",
"text": "CSCvx24420"
},
{
"system_name": "Cisco Bug ID",
"text": "CSCvx24428"
},
{
"system_name": "Cisco Bug ID",
"text": "CSCvx24425"
},
{
"system_name": "Cisco Bug ID",
"text": "CSCvx24439"
},
{
"system_name": "Cisco Bug ID",
"text": "CSCvx24456"
},
{
"system_name": "Cisco Bug ID",
"text": "CSCvx24449"
},
{
"system_name": "Cisco Bug ID",
"text": "CSCvy32680"
},
{
"system_name": "Cisco Bug ID",
"text": "CSCvx24452"
}
],
"notes": [
{
"category": "other",
"text": "Complete.",
"title": "Affected Product Comprehensiveness"
}
],
"product_status": {
"known_affected": [
"CSAFPID-277607",
"CSAFPID-278404",
"CSAFPID-278888",
"CSAFPID-280012",
"CSAFPID-190024",
"CSAFPID-280019"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Cisco has released software updates that address this vulnerability.",
"product_ids": [
"CSAFPID-278404",
"CSAFPID-190024",
"CSAFPID-280012",
"CSAFPID-280019",
"CSAFPID-278888",
"CSAFPID-277607"
],
"url": "https://software.cisco.com"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-277607",
"CSAFPID-278404",
"CSAFPID-278888"
]
}
],
"title": "Mixed Key Attack Against Fragmentation"
},
{
"cve": "CVE-2020-24586",
"ids": [
{
"system_name": "Cisco Bug ID",
"text": "CSCvx24428"
},
{
"system_name": "Cisco Bug ID",
"text": "CSCvx24425"
},
{
"system_name": "Cisco Bug ID",
"text": "CSCvx24439"
},
{
"system_name": "Cisco Bug ID",
"text": "CSCvx24441"
},
{
"system_name": "Cisco Bug ID",
"text": "CSCvx24456"
},
{
"system_name": "Cisco Bug ID",
"text": "CSCvx24449"
},
{
"system_name": "Cisco Bug ID",
"text": "CSCvy32680"
},
{
"system_name": "Cisco Bug ID",
"text": "CSCvx24452"
},
{
"system_name": "Cisco Bug ID",
"text": "CSCvx62884"
},
{
"system_name": "Cisco Bug ID",
"text": "CSCvx62876"
},
{
"system_name": "Cisco Bug ID",
"text": "CSCvx60997"
},
{
"system_name": "Cisco Bug ID",
"text": "CSCvx61001"
},
{
"system_name": "Cisco Bug ID",
"text": "CSCvx61012"
},
{
"system_name": "Cisco Bug ID",
"text": "CSCvx62886"
},
{
"system_name": "Cisco Bug ID",
"text": "CSCvx61020"
},
{
"system_name": "Cisco Bug ID",
"text": "CSCvx89821"
}
],
"notes": [
{
"category": "other",
"text": "Complete.",
"title": "Affected Product Comprehensiveness"
}
],
"product_status": {
"known_affected": [
"CSAFPID-280012",
"CSAFPID-190024",
"CSAFPID-277607",
"CSAFPID-278404",
"CSAFPID-278888",
"CSAFPID-280019"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Cisco has released software updates that address this vulnerability.",
"product_ids": [
"CSAFPID-278404",
"CSAFPID-190024",
"CSAFPID-280012",
"CSAFPID-280019",
"CSAFPID-278888",
"CSAFPID-277607"
],
"url": "https://software.cisco.com"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-280012",
"CSAFPID-190024",
"CSAFPID-277607",
"CSAFPID-278404",
"CSAFPID-278888"
]
}
],
"title": "Fragment Cache Attack"
},
{
"cve": "CVE-2020-24588",
"ids": [
{
"system_name": "Cisco Bug ID",
"text": "CSCvx24420"
},
{
"system_name": "Cisco Bug ID",
"text": "CSCvx24428"
},
{
"system_name": "Cisco Bug ID",
"text": "CSCvx24425"
},
{
"system_name": "Cisco Bug ID",
"text": "CSCvx24423"
},
{
"system_name": "Cisco Bug ID",
"text": "CSCvx24439"
},
{
"system_name": "Cisco Bug ID",
"text": "CSCvx24456"
},
{
"system_name": "Cisco Bug ID",
"text": "CSCvx24452"
},
{
"system_name": "Cisco Bug ID",
"text": "CSCvy32690"
},
{
"system_name": "Cisco Bug ID",
"text": "CSCvx62884"
},
{
"system_name": "Cisco Bug ID",
"text": "CSCvx62876"
},
{
"system_name": "Cisco Bug ID",
"text": "CSCvx89821"
},
{
"system_name": "Cisco Bug ID",
"text": "CSCvx62886"
}
],
"notes": [
{
"category": "other",
"text": "Complete.",
"title": "Affected Product Comprehensiveness"
}
],
"product_status": {
"known_affected": [
"CSAFPID-190024",
"CSAFPID-280012",
"CSAFPID-277607",
"CSAFPID-278404",
"CSAFPID-278888",
"CSAFPID-280019"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Cisco has released software updates that address this vulnerability.",
"product_ids": [
"CSAFPID-278404",
"CSAFPID-190024",
"CSAFPID-280012",
"CSAFPID-280019",
"CSAFPID-278888",
"CSAFPID-277607"
],
"url": "https://software.cisco.com"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-190024",
"CSAFPID-280012",
"CSAFPID-277607",
"CSAFPID-278404",
"CSAFPID-278888"
]
}
],
"title": "A-MSDU Design Flaw"
}
]
}
目前厂商已发布升级补丁以修复漏洞,补丁获取链接: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00473.html
| Name | Linux Linux kernel 5.8.9 |
|---|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2020-24586"
}
},
"description": "Linux kernel\u662f\u7f8e\u56fdLinux\u57fa\u91d1\u4f1a\u7684\u5f00\u6e90\u64cd\u4f5c\u7cfb\u7edfLinux\u6240\u4f7f\u7528\u7684\u5185\u6838\u3002\n\nLinux kernel 5.8.9\u7248\u672c\u5b58\u5728\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5f53\u8bbe\u5907\u53d1\u9001\u5206\u6bb5\u7684\u5e27\u5e76\u4e14\u4f7f\u7528WEP\uff0cCCMP\u6216GCMP\u6570\u636e\u673a\u5bc6\u534f\u8bae\u65f6\uff0c\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u6b64\u6f0f\u6d1e\u6765\u6ce8\u5165\u6570\u636e\u5305\u6216\u6cc4\u9732\u9009\u5b9a\u7684\u7247\u6bb5\u3002",
"formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00473.html",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2021-34682",
"openTime": "2021-05-14",
"patchDescription": "Linux kernel\u662f\u7f8e\u56fdLinux\u57fa\u91d1\u4f1a\u7684\u5f00\u6e90\u64cd\u4f5c\u7cfb\u7edfLinux\u6240\u4f7f\u7528\u7684\u5185\u6838\u3002\r\n\r\nLinux kernel 5.8.9\u7248\u672c\u5b58\u5728\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5f53\u8bbe\u5907\u53d1\u9001\u5206\u6bb5\u7684\u5e27\u5e76\u4e14\u4f7f\u7528WEP\uff0cCCMP\u6216GCMP\u6570\u636e\u673a\u5bc6\u534f\u8bae\u65f6\uff0c\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u6b64\u6f0f\u6d1e\u6765\u6ce8\u5165\u6570\u636e\u5305\u6216\u6cc4\u9732\u9009\u5b9a\u7684\u7247\u6bb5\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Linux kernel\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e\uff08CNVD-2021-34682\uff09\u7684\u8865\u4e01",
"products": {
"product": "Linux Linux kernel 5.8.9"
},
"referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2020-24586",
"serverity": "\u4e2d",
"submitTime": "2021-05-14",
"title": "Linux kernel\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e\uff08CNVD-2021-34682\uff09"
}
FKIE_CVE-2020-24586
Vulnerability from fkie_nvd - Published: 2021-05-11 20:15 - Updated: 2026-06-17 03:05
{
"affected": [
{
"affectedData": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"source": "cve@mitre.org"
}
],
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ieee:ieee_802.11:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EA94FAA4-9BBF-402D-8B33-20A5E8AAFC5D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:linux:mac80211:-:*:*:*:*:*:*:*",
"matchCriteriaId": "20B7EA3B-CCBA-4483-9BDD-DC8ED8689A22",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arista:c-250_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B22D5837-A2CC-41AB-8252-1724345AEDC5",
"versionEndExcluding": "10.0.1-31",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arista:c-250:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EE97F0AD-8658-476A-8E22-DA67A5FD9F73",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arista:c-260_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4180BE58-3CA0-4FFD-B5BE-44E36FDE5F89",
"versionEndExcluding": "10.0.1-31",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arista:c-260:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A006A8BD-D56E-40C2-ADD2-C11759153808",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arista:c-230_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "59BE4F3A-477A-4DE9-B293-F2AF2CCED9A3",
"versionEndExcluding": "10.0.1-31",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arista:c-230:-:*:*:*:*:*:*:*",
"matchCriteriaId": "29B18F4E-4968-493A-BC90-5D8D7F619F39",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arista:c-235_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "96A0A5F0-B046-4B53-92BC-D21705B1597C",
"versionEndExcluding": "10.0.1-31",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arista:c-235:-:*:*:*:*:*:*:*",
"matchCriteriaId": "54878C0D-8842-490F-B556-76AF47A65891",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arista:c-200_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C62FEC63-9790-44DF-8AA0-050E89E883B1",
"versionEndExcluding": "11.0.0-36",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arista:c-200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8F81C550-CE6F-4E68-A088-5EC0CEF40600",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:intel:ax210_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1C073E29-FABA-4A07-A833-0E0A2CA5C9F4",
"versionEndExcluding": "22.30.0.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:intel:ax210:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F226D74C-4A48-4AC0-A565-A00D555E27D6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:intel:ax201_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3A5420D2-2979-4BA7-8BF5-2F522CCE3C74",
"versionEndExcluding": "22.30.0.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:intel:ax201:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4649D446-130B-4B31-B9ED-BA7F9F7EEB8F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:intel:ax200_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7EC9FE51-D078-41C0-80DB-21820AD151C2",
"versionEndExcluding": "22.30.0.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:intel:ax200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E9903E2E-A670-40D4-8B9F-D2C0CFDBFC9F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:intel:ac_9560_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D239D907-FE04-4E02-B4BF-7F0A24CCC781",
"versionEndExcluding": "22.30.0.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:intel:ac_9560:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D382D4A1-C8FD-4B47-B2C4-145232EC8AC5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:intel:ac_9462_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EDD21C53-CCBA-43FD-9DF7-A087705EC26E",
"versionEndExcluding": "22.30.0.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:intel:ac_9462:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6E89EB0D-233A-486A-BDAE-F5726432CD7E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:intel:ac_9461_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "19F30CC4-1D90-4298-BE72-307F8CD9C8E4",
"versionEndExcluding": "22.30.0.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:intel:ac_9461:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A11E55E8-5FA9-4ED7-AB61-03F22EE1759B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:intel:ac_9260_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F8D25023-2C51-4186-BEE6-0C1096181C7C",
"versionEndExcluding": "22.30.0.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:intel:ac_9260:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C2795E42-D044-4D48-BCB2-61CC1A3471B1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:intel:ac_8265_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1091737E-15B8-4F29-AFC7-DAB19B4736DB",
"versionEndExcluding": "20.70.21.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:intel:ac_8265:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C08E2F3E-C4B5-4227-A88D-C50E209A12CF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:intel:ac_8260_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "33EF2DC9-CD1E-43C1-88AF-9E83E2E4EC81",
"versionEndExcluding": "20.70.21.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:intel:ac_8260:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B5A8F30C-6BB7-4CC6-ADBE-1859DAF66C58",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:intel:ac_3168_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9F779EAF-1408-4994-9701-CE24AC5FB8A9",
"versionEndExcluding": "19.51.33.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:intel:ac_3168:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ED5B2BCE-2D8A-440C-B866-76E035314022",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:intel:ac_7265_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FE6B04BC-69A8-469C-8364-F8CA6F5B09D2",
"versionEndExcluding": "19.51.33.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:intel:ac_7265:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8F9F1CE7-8F14-4526-A857-7B954EC4BB6F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:intel:ac_3165_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "42A7C347-86AF-4397-B227-C636D352CB87",
"versionEndExcluding": "19.51.33.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:intel:ac_3165:-:*:*:*:*:*:*:*",
"matchCriteriaId": "197A3DA1-B8EF-438F-B933-32253C43C8EE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:intel:ax1675_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0DAB2B67-5C39-4438-8E36-3F740A697599",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:intel:ax1675:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3F407ACA-0952-4717-A302-2D5CEB6DB111",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:intel:ax1650_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B39FB813-1EC0-4B5C-B8CB-F5129DBF94C2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:intel:ax1650:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E8B944F7-4A5F-41D0-A910-6F978F66CAA0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:intel:ac_1550_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A66D96C8-7C0D-4615-B825-A15DBB37B920",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:intel:ac_1550:-:*:*:*:*:*:*:*",
"matchCriteriaId": "12419474-DB56-462D-9116-3614A4BBAF20",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C2C083CF-3D4D-4AF0-8461-835F6AC264CC",
"versionEndExcluding": "4.4.271",
"versionStartIncluding": "4.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "11580478-2F79-45B8-9BC0-FEF28259A4F5",
"versionEndExcluding": "4.9.271",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "970E3D3C-8829-4599-95A7-AC63136CE48E",
"versionEndExcluding": "4.14.235",
"versionStartIncluding": "4.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FC7D3563-5878-403A-9BB7-6C44E6FE10A0",
"versionEndExcluding": "4.19.193",
"versionStartIncluding": "4.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "01D49B11-5E8A-427F-B9BE-8A5174DEDD65",
"versionEndExcluding": "5.4.124",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B39B1E70-2AF7-4482-9ADF-45A1C04A4BC3",
"versionEndExcluding": "5.10.42",
"versionStartIncluding": "5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3B1CFA77-6B5E-430C-AC49-3B3508F2D903",
"versionEndExcluding": "5.12.9",
"versionStartIncluding": "5.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn\u0027t require that received fragments be cleared from memory after (re)connecting to a network. Under the right circumstances, when another device sends fragmented frames encrypted using WEP, CCMP, or GCMP, this can be abused to inject arbitrary network packets and/or exfiltrate user data."
},
{
"lang": "es",
"value": "El est\u00e1ndar 802.11 que sustenta a Wi-Fi Protected Access (WPA, WPA2, y WPA3) y Wired Equivalent Privacy (WEP) no requiere que los fragmentos recibidos se borren de la memoria despu\u00e9s de (re)conectarse a una red.\u00a0En las circunstancias adecuadas, cuando otro dispositivo env\u00eda tramas fragmentadas cifradas mediante WEP, CCMP o GCMP, se puede abusar de esto para inyectar paquetes de red arbitrarios y/o exfiltrar datos del usuario"
}
],
"id": "CVE-2020-24586",
"lastModified": "2026-06-17T03:05:48.717",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.9,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:A/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 5.5,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-05-11T20:15:08.537",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2021/05/11/12"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.md"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html"
},
{
"source": "cve@mitre.org",
"url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00002.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wifi-faf-22epcEWu"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/12602-security-advisory-63"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.fragattacks.com"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00473.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2021/05/11/12"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wifi-faf-22epcEWu"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/12602-security-advisory-63"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.fragattacks.com"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00473.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-85MG-8M94-9JRR
Vulnerability from github – Published: 2022-05-24 19:01 – Updated: 2022-07-13 00:01
The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that received fragments be cleared from memory after (re)connecting to a network. Under the right circumstances, when another device sends fragmented frames encrypted using WEP, CCMP, or GCMP, this can be abused to inject arbitrary network packets and/or exfiltrate user data.
{
"affected": [],
"aliases": [
"CVE-2020-24586"
],
"database_specific": {
"cwe_ids": [],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-05-11T20:15:00Z",
"severity": "HIGH"
},
"details": "The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn\u0027t require that received fragments be cleared from memory after (re)connecting to a network. Under the right circumstances, when another device sends fragmented frames encrypted using WEP, CCMP, or GCMP, this can be abused to inject arbitrary network packets and/or exfiltrate user data.",
"id": "GHSA-85mg-8m94-9jrr",
"modified": "2022-07-13T00:01:52Z",
"published": "2022-05-24T19:01:59Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24586"
},
{
"type": "WEB",
"url": "https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.md"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00002.html"
},
{
"type": "WEB",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wifi-faf-22epcEWu"
},
{
"type": "WEB",
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/12602-security-advisory-63"
},
{
"type": "WEB",
"url": "https://www.fragattacks.com"
},
{
"type": "WEB",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00473.html"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2021/05/11/12"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GSD-2020-24586
Vulnerability from gsd - Updated: 2023-12-13 01:22
{
"GSD": {
"alias": "CVE-2020-24586",
"description": "The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn\u0027t require that received fragments be cleared from memory after (re)connecting to a network. Under the right circumstances, when another device sends fragmented frames encrypted using WEP, CCMP, or GCMP, this can be abused to inject arbitrary network packets and/or exfiltrate user data.",
"id": "GSD-2020-24586",
"references": [
"https://www.suse.com/security/cve/CVE-2020-24586.html",
"https://access.redhat.com/errata/RHSA-2021:4356",
"https://access.redhat.com/errata/RHSA-2021:4140",
"https://ubuntu.com/security/CVE-2020-24586",
"https://advisories.mageia.org/CVE-2020-24586.html",
"https://security.archlinux.org/CVE-2020-24586",
"https://linux.oracle.com/cve/CVE-2020-24586.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2020-24586"
],
"details": "The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn\u0027t require that received fragments be cleared from memory after (re)connecting to a network. Under the right circumstances, when another device sends fragmented frames encrypted using WEP, CCMP, or GCMP, this can be abused to inject arbitrary network packets and/or exfiltrate user data.",
"id": "GSD-2020-24586",
"modified": "2023-12-13T01:22:12.252782Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-24586",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn\u0027t require that received fragments be cleared from memory after (re)connecting to a network. Under the right circumstances, when another device sends fragmented frames encrypted using WEP, CCMP, or GCMP, this can be abused to inject arbitrary network packets and/or exfiltrate user data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00473.html",
"refsource": "CONFIRM",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00473.html"
},
{
"name": "20210511 Multiple Vulnerabilities in Frame Aggregation and Fragmentation Implementations of 802.11 Specification Affecting Cisco Products: May 2021",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wifi-faf-22epcEWu"
},
{
"name": "https://www.fragattacks.com",
"refsource": "MISC",
"url": "https://www.fragattacks.com"
},
{
"name": "https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.md",
"refsource": "MISC",
"url": "https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.md"
},
{
"name": "[oss-security] 20210511 various 802.11 security issues - fragattacks.com",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2021/05/11/12"
},
{
"name": "[debian-lts-announce] 20210623 [SECURITY] [DLA 2689-1] linux security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html"
},
{
"name": "[debian-lts-announce] 20210623 [SECURITY] [DLA 2690-1] linux-4.19 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html"
},
{
"name": "https://www.arista.com/en/support/advisories-notices/security-advisories/12602-security-advisory-63",
"refsource": "MISC",
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/12602-security-advisory-63"
},
{
"name": "[debian-lts-announce] 20230401 [SECURITY] [DLA 3380-1] firmware-nonfree LTS new upstream version (security updates and newer firmware for Linux 5.10)",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00002.html"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:ieee:ieee_802.11:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:linux:mac80211:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:arista:c-250_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "10.0.1-31",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:arista:c-250:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:arista:c-260_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "10.0.1-31",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:arista:c-260:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:arista:c-230_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "10.0.1-31",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:arista:c-230:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:arista:c-235_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "10.0.1-31",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:arista:c-235:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:arista:c-200_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "11.0.0-36",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:arista:c-200:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:intel:ax210_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "22.30.0.11",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:intel:ax210:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:intel:ax201_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "22.30.0.11",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:intel:ax201:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:intel:ax200_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "22.30.0.11",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:intel:ax200:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:intel:ac_9560_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "22.30.0.11",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:intel:ac_9560:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:intel:ac_9462_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "22.30.0.11",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:intel:ac_9462:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:intel:ac_9461_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "22.30.0.11",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:intel:ac_9461:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:intel:ac_9260_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "22.30.0.11",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:intel:ac_9260:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:intel:ac_8265_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "20.70.21.2",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:intel:ac_8265:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:intel:ac_8260_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "20.70.21.2",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:intel:ac_8260:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:intel:ac_3168_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "19.51.33.1",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:intel:ac_3168:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:intel:ac_7265_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "19.51.33.1",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:intel:ac_7265:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:intel:ac_3165_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "19.51.33.1",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:intel:ac_3165:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:intel:ax1675_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:intel:ax1675:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:intel:ax1650_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:intel:ax1650:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:intel:ac_1550_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:intel:ac_1550:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.4.271",
"versionStartIncluding": "4.4",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.9.271",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.14.235",
"versionStartIncluding": "4.14",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.19.193",
"versionStartIncluding": "4.19",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.4.124",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.10.42",
"versionStartIncluding": "5.10",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.12.9",
"versionStartIncluding": "5.12",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-24586"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn\u0027t require that received fragments be cleared from memory after (re)connecting to a network. Under the right circumstances, when another device sends fragmented frames encrypted using WEP, CCMP, or GCMP, this can be abused to inject arbitrary network packets and/or exfiltrate user data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.fragattacks.com",
"refsource": "MISC",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.fragattacks.com"
},
{
"name": "https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.md",
"refsource": "MISC",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.md"
},
{
"name": "[oss-security] 20210511 various 802.11 security issues - fragattacks.com",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2021/05/11/12"
},
{
"name": "[debian-lts-announce] 20210623 [SECURITY] [DLA 2690-1] linux-4.19 security update",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html"
},
{
"name": "[debian-lts-announce] 20210623 [SECURITY] [DLA 2689-1] linux security update",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html"
},
{
"name": "20210511 Multiple Vulnerabilities in Frame Aggregation and Fragmentation Implementations of 802.11 Specification Affecting Cisco Products: May 2021",
"refsource": "CISCO",
"tags": [
"Third Party Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wifi-faf-22epcEWu"
},
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00473.html",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00473.html"
},
{
"name": "https://www.arista.com/en/support/advisories-notices/security-advisories/12602-security-advisory-63",
"refsource": "MISC",
"tags": [
"Third Party Advisory"
],
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/12602-security-advisory-63"
},
{
"name": "[debian-lts-announce] 20230401 [SECURITY] [DLA 3380-1] firmware-nonfree LTS new upstream version (security updates and newer firmware for Linux 5.10)",
"refsource": "MLIST",
"tags": [],
"url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00002.html"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.9,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:A/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 5.5,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"userInteractionRequired": true
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 1.4
}
},
"lastModifiedDate": "2023-04-01T22:15Z",
"publishedDate": "2021-05-11T20:15Z"
}
}
}
ICSA-21-236-01
Vulnerability from csaf_cisa - Published: 2021-08-24 00:00 - Updated: 2021-08-24 00:00
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
TropOS: Firmware Version 8.9.4.8 and prior
Hitachi Energy / TropOS
|
<= 8.9.4.8 |
Mitigation
fix
Vendor Fix
Mitigation
Mitigation
Mitigation
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
TropOS: Firmware Version 8.9.4.8 and prior
Hitachi Energy / TropOS
|
<= 8.9.4.8 |
Mitigation
fix
Vendor Fix
Mitigation
Mitigation
Mitigation
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
TropOS: Firmware Version 8.9.4.8 and prior
Hitachi Energy / TropOS
|
<= 8.9.4.8 |
Mitigation
fix
Vendor Fix
Mitigation
Mitigation
Mitigation
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
TropOS: Firmware Version 8.9.4.8 and prior
Hitachi Energy / TropOS
|
<= 8.9.4.8 |
Mitigation
fix
Vendor Fix
Mitigation
Mitigation
Mitigation
|
{
"document": {
"acknowledgments": [
{
"organization": "Hitachi ABB Power Grids",
"summary": "reporting these vulnerabilities to CISA"
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited",
"tlp": {
"label": "WHITE",
"url": "https://us-cert.cisa.gov/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov",
"title": "CISA Disclaimer"
},
{
"category": "legal_disclaimer",
"text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
"title": "Legal Notice"
},
{
"category": "summary",
"text": "Successful exploitation of these vulnerabilities could allow an attacker to direct a client that is connected to a TropOS Wi-Fi access point to fake websites and extract sensitive data.",
"title": "Risk evaluation"
},
{
"category": "other",
"text": "Critical Manufacturing, Energy",
"title": "Critical infrastructure sectors"
},
{
"category": "other",
"text": "Worldwide",
"title": "Countries/areas deployed"
},
{
"category": "other",
"text": "Switzerland",
"title": "Company headquarters location"
},
{
"category": "general",
"text": "CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Specifically, users should:",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.\nCISA also provides a section for control systems security recommended practices on the ICS webpage onus-cert.cisa.gov. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Additional mitigation guidance and recommended practices are publicly available on the ICS webpage on us-cert.cisa.gov in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.\nOrganizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.",
"title": "Recommended Practices"
},
{
"category": "other",
"text": "These vulnerabilities are not exploitable remotely. No known public exploits specifically target these vulnerabilities.\n",
"title": "Exploitability"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "Email: CISAservicedesk@cisa.dhs.gov;\n Toll Free: 1-888-282-0870",
"name": "CISA",
"namespace": "https://www.cisa.gov/"
},
"references": [
{
"category": "self",
"summary": "ICS Advisory ICSA-21-236-01 JSON",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2021/icsa-21-236-01.json"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-21-236-01 Web Version",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-21-236-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://us-cert.cisa.gov/ncas/tips/ST04-014"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://us-cert.cisa.gov/ics/tips/ICS-TIP-12-146-01B"
}
],
"title": "Hitachi ABB Power Grids TropOS",
"tracking": {
"current_release_date": "2021-08-24T00:00:00.000000Z",
"generator": {
"engine": {
"name": "CISA CSAF Generator",
"version": "1.0.0"
}
},
"id": "ICSA-21-236-01",
"initial_release_date": "2021-08-24T00:00:00.000000Z",
"revision_history": [
{
"date": "2021-08-24T00:00:00.000000Z",
"legacy_version": "Initial",
"number": "1",
"summary": "ICSA-21-236-01 Hitachi ABB Power Grids TropOS"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 8.9.4.8",
"product": {
"name": "TropOS: Firmware Version 8.9.4.8 and prior",
"product_id": "CSAFPID-0001"
}
}
],
"category": "product_name",
"name": "TropOS"
}
],
"category": "vendor",
"name": "Hitachi Energy"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-24586",
"cwe": {
"id": "CWE-74",
"name": "Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)"
},
"notes": [
{
"category": "summary",
"text": "The 802.11 standard that underpins Wi-Fi protected access (WPA, WPA2, and WPA3) and wired equivalent privacy (WEP) does not require received fragments be cleared from memory after (re)connecting to a network. Under the right circumstances, when another device sends fragmented frames encrypted using WEP, CCMP, or GCMP, this vulnerability can be exploited to inject arbitrary network packets and/or exfiltrate user data.CVE-2020-24586 has been assigned to this vulnerability. A CVSS v3 base score of 3.5 has been calculated; the CVSS vector string is (AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24586"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Hitachi ABB Power Grids recommends updating to firmware v8.9.4.9 or later, which resolves these vulnerabilities. For additional information on these vulnerabilities, including update instructions, please see the Hitachi ABB Power Grids security advisory.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107992A4463\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "vendor_fix",
"details": "Disable the Wi-Fi access on any TropOS unit where local Wi-Fi access is not required. This is achieved by NOT enabling (or disabling) the local access SSID.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Where Wi-Fi access is required, wherever possible ensure physical access to the local area is restricted to approved staff only.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Use the Wi-Fi whitelist capability to restrict Wi-Fi access to only approved personnel.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As the FragAttacks vulnerability is targeted at an end-user device and generally involves redirection to fraudulent websites, the installation of comprehensive firewall capabilities on company end-user devices and servers will significantly reduce the likelihood of negative outcomes.",
"product_ids": [
"CSAFPID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2020-24587",
"cwe": {
"id": "CWE-326",
"name": "Inadequate Encryption Strength"
},
"notes": [
{
"category": "summary",
"text": "The 802.11 standard that underpins Wi-Fi protected access (WPA, WPA2, and WPA3) and wired equivalent privacy (WEP) does not require all fragments of a frame are encrypted under the same key. An adversary could exploit this vulnerability to decrypt selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP encryption key is periodically renewed.CVE-2020-24587 has been assigned to this vulnerability. A CVSS v3 base score of 2.6 has been calculated; the CVSS vector string is (AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24587"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Hitachi ABB Power Grids recommends updating to firmware v8.9.4.9 or later, which resolves these vulnerabilities. For additional information on these vulnerabilities, including update instructions, please see the Hitachi ABB Power Grids security advisory.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107992A4463\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "vendor_fix",
"details": "Disable the Wi-Fi access on any TropOS unit where local Wi-Fi access is not required. This is achieved by NOT enabling (or disabling) the local access SSID.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Where Wi-Fi access is required, wherever possible ensure physical access to the local area is restricted to approved staff only.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Use the Wi-Fi whitelist capability to restrict Wi-Fi access to only approved personnel.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As the FragAttacks vulnerability is targeted at an end-user device and generally involves redirection to fraudulent websites, the installation of comprehensive firewall capabilities on company end-user devices and servers will significantly reduce the likelihood of negative outcomes.",
"product_ids": [
"CSAFPID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.6,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2020-24588",
"cwe": {
"id": "CWE-306",
"name": "Missing Authentication for Critical Function"
},
"notes": [
{
"category": "summary",
"text": "The 802.11 standard that underpins Wi-Fi protected access (WPA, WPA2, and WPA3) and wired equivalent privacy (WEP) does not require the A-MSDU flag in the plaintext QoS header field be authenticated. Against devices that support receiving non-SSP A-MSDU frames (which is mandatory as part of 802.11n), an adversary could exploit this vulnerability to inject arbitrary network packets.CVE-2020-24588 has been assigned to this vulnerability. A CVSS v3 base score of 3.5 has been calculated; the CVSS vector string is (AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24588"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Hitachi ABB Power Grids recommends updating to firmware v8.9.4.9 or later, which resolves these vulnerabilities. For additional information on these vulnerabilities, including update instructions, please see the Hitachi ABB Power Grids security advisory.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107992A4463\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "vendor_fix",
"details": "Disable the Wi-Fi access on any TropOS unit where local Wi-Fi access is not required. This is achieved by NOT enabling (or disabling) the local access SSID.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Where Wi-Fi access is required, wherever possible ensure physical access to the local area is restricted to approved staff only.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Use the Wi-Fi whitelist capability to restrict Wi-Fi access to only approved personnel.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As the FragAttacks vulnerability is targeted at an end-user device and generally involves redirection to fraudulent websites, the installation of comprehensive firewall capabilities on company end-user devices and servers will significantly reduce the likelihood of negative outcomes.",
"product_ids": [
"CSAFPID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2020-26139",
"cwe": {
"id": "CWE-287",
"name": "Improper Authentication"
},
"notes": [
{
"category": "summary",
"text": "An access point (AP) forwards EAPOL frames to other clients even though the sender has not yet successfully authenticated to the AP. This might be abused in projected Wi-Fi networks to launch denial-of-service attacks against connected clients and makes it easier to exploit other vulnerabilities in connected clients.CVE-2020-26139 has been assigned to this vulnerability. A CVSS v3 base score of 5.3 has been calculated; the CVSS vector string is (AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26139"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Hitachi ABB Power Grids recommends updating to firmware v8.9.4.9 or later, which resolves these vulnerabilities. For additional information on these vulnerabilities, including update instructions, please see the Hitachi ABB Power Grids security advisory.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107992A4463\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "vendor_fix",
"details": "Disable the Wi-Fi access on any TropOS unit where local Wi-Fi access is not required. This is achieved by NOT enabling (or disabling) the local access SSID.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Where Wi-Fi access is required, wherever possible ensure physical access to the local area is restricted to approved staff only.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Use the Wi-Fi whitelist capability to restrict Wi-Fi access to only approved personnel.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As the FragAttacks vulnerability is targeted at an end-user device and generally involves redirection to fraudulent websites, the installation of comprehensive firewall capabilities on company end-user devices and servers will significantly reduce the likelihood of negative outcomes.",
"product_ids": [
"CSAFPID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2020-26140",
"cwe": {
"id": "CWE-74",
"name": "Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)"
},
"notes": [
{
"category": "summary",
"text": "The WEP, WPA, WPA2, and WPA3 implementations accept plaintext frames in a protected Wi-Fi network. An adversary can exploit this vulnerability to inject arbitrary data frames independent of the network configuration.CVE-2020-26140 has been assigned to this vulnerability. A CVSS v3 base score of 6.5 has been calculated; the CVSS vector string is (AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26140"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Hitachi ABB Power Grids recommends updating to firmware v8.9.4.9 or later, which resolves these vulnerabilities. For additional information on these vulnerabilities, including update instructions, please see the Hitachi ABB Power Grids security advisory.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107992A4463\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "vendor_fix",
"details": "Disable the Wi-Fi access on any TropOS unit where local Wi-Fi access is not required. This is achieved by NOT enabling (or disabling) the local access SSID.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Where Wi-Fi access is required, wherever possible ensure physical access to the local area is restricted to approved staff only.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Use the Wi-Fi whitelist capability to restrict Wi-Fi access to only approved personnel.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As the FragAttacks vulnerability is targeted at an end-user device and generally involves redirection to fraudulent websites, the installation of comprehensive firewall capabilities on company end-user devices and servers will significantly reduce the likelihood of negative outcomes.",
"product_ids": [
"CSAFPID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2020-26141",
"cwe": {
"id": "CWE-354",
"name": "Improper Validation of Integrity Check Value"
},
"notes": [
{
"category": "summary",
"text": "The Wi-Fi implementation does not verify the message integrity check (authenticity) of fragmented TKIP frames. An adversary can exploit this vulnerability to inject and decrypt packets in WPA or WPA2 networks that support the TKIP data-confidentiality protocol.CVE-2020-26141 has been assigned to this vulnerability. A CVSS v3 base score of 6.5 has been calculated; the CVSS vector string is (AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26141"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Hitachi ABB Power Grids recommends updating to firmware v8.9.4.9 or later, which resolves these vulnerabilities. For additional information on these vulnerabilities, including update instructions, please see the Hitachi ABB Power Grids security advisory.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107992A4463\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "vendor_fix",
"details": "Disable the Wi-Fi access on any TropOS unit where local Wi-Fi access is not required. This is achieved by NOT enabling (or disabling) the local access SSID.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Where Wi-Fi access is required, wherever possible ensure physical access to the local area is restricted to approved staff only.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Use the Wi-Fi whitelist capability to restrict Wi-Fi access to only approved personnel.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As the FragAttacks vulnerability is targeted at an end-user device and generally involves redirection to fraudulent websites, the installation of comprehensive firewall capabilities on company end-user devices and servers will significantly reduce the likelihood of negative outcomes.",
"product_ids": [
"CSAFPID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2020-26142",
"cwe": {
"id": "CWE-74",
"name": "Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)"
},
"notes": [
{
"category": "summary",
"text": "The WEP, WPA, WPA2, and WPA3 implementations treat fragmented frames as full frames. An adversary can exploit this vulnerability to inject arbitrary network packets independent of the network configuration.CVE-2020-26142 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26142"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Hitachi ABB Power Grids recommends updating to firmware v8.9.4.9 or later, which resolves these vulnerabilities. For additional information on these vulnerabilities, including update instructions, please see the Hitachi ABB Power Grids security advisory.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107992A4463\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "vendor_fix",
"details": "Disable the Wi-Fi access on any TropOS unit where local Wi-Fi access is not required. This is achieved by NOT enabling (or disabling) the local access SSID.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Where Wi-Fi access is required, wherever possible ensure physical access to the local area is restricted to approved staff only.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Use the Wi-Fi whitelist capability to restrict Wi-Fi access to only approved personnel.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As the FragAttacks vulnerability is targeted at an end-user device and generally involves redirection to fraudulent websites, the installation of comprehensive firewall capabilities on company end-user devices and servers will significantly reduce the likelihood of negative outcomes.",
"product_ids": [
"CSAFPID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2020-26143",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "The WEP, WPA, WPA2, and WPA3 implementations accept fragmented plaintext frames in a protected Wi-Fi network. An adversary can exploit this vulnerability to inject arbitrary data frames independent of the network configuration.CVE-2020-26143 has been assigned to this vulnerability. A CVSS v3 base score of 6.5 has been calculated; the CVSS vector string is (AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26143"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Hitachi ABB Power Grids recommends updating to firmware v8.9.4.9 or later, which resolves these vulnerabilities. For additional information on these vulnerabilities, including update instructions, please see the Hitachi ABB Power Grids security advisory.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107992A4463\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "vendor_fix",
"details": "Disable the Wi-Fi access on any TropOS unit where local Wi-Fi access is not required. This is achieved by NOT enabling (or disabling) the local access SSID.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Where Wi-Fi access is required, wherever possible ensure physical access to the local area is restricted to approved staff only.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Use the Wi-Fi whitelist capability to restrict Wi-Fi access to only approved personnel.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As the FragAttacks vulnerability is targeted at an end-user device and generally involves redirection to fraudulent websites, the installation of comprehensive firewall capabilities on company end-user devices and servers will significantly reduce the likelihood of negative outcomes.",
"product_ids": [
"CSAFPID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2020-26144",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "The WEP, WPA, WPA2, and WPA3 implementations accept plaintext A-MSDU frames as long as the first eight bytes correspond to a valid RFC1042 (i.e., LLC/SNAP) header for EAPOL. An adversary can exploit this vulnerability to inject arbitrary network packets independent of the network configuration. CVE-2020-26144 has been assigned to this vulnerability. A CVSS v3 base score of 6.5 has been calculated; the CVSS vector string is (AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26144"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Hitachi ABB Power Grids recommends updating to firmware v8.9.4.9 or later, which resolves these vulnerabilities. For additional information on these vulnerabilities, including update instructions, please see the Hitachi ABB Power Grids security advisory.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107992A4463\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "vendor_fix",
"details": "Disable the Wi-Fi access on any TropOS unit where local Wi-Fi access is not required. This is achieved by NOT enabling (or disabling) the local access SSID.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Where Wi-Fi access is required, wherever possible ensure physical access to the local area is restricted to approved staff only.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Use the Wi-Fi whitelist capability to restrict Wi-Fi access to only approved personnel.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As the FragAttacks vulnerability is targeted at an end-user device and generally involves redirection to fraudulent websites, the installation of comprehensive firewall capabilities on company end-user devices and servers will significantly reduce the likelihood of negative outcomes.",
"product_ids": [
"CSAFPID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2020-26145",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "The WEP, WPA, WPA2, and WPA3 implementations accept second (or subsequent) broadcast fragments when sent in plaintext and process them as full unfragmented frames. An adversary can exploit this vulnerability to inject arbitrary network packets independent of the network configuration. CVE-2020-26145 has been assigned to this vulnerability. A CVSS v3 base score of 6.5 has been calculated; the CVSS vector string is (AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26145"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Hitachi ABB Power Grids recommends updating to firmware v8.9.4.9 or later, which resolves these vulnerabilities. For additional information on these vulnerabilities, including update instructions, please see the Hitachi ABB Power Grids security advisory.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107992A4463\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "vendor_fix",
"details": "Disable the Wi-Fi access on any TropOS unit where local Wi-Fi access is not required. This is achieved by NOT enabling (or disabling) the local access SSID.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Where Wi-Fi access is required, wherever possible ensure physical access to the local area is restricted to approved staff only.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Use the Wi-Fi whitelist capability to restrict Wi-Fi access to only approved personnel.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As the FragAttacks vulnerability is targeted at an end-user device and generally involves redirection to fraudulent websites, the installation of comprehensive firewall capabilities on company end-user devices and servers will significantly reduce the likelihood of negative outcomes.",
"product_ids": [
"CSAFPID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2020-26146",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "The WPA, WPA2, and WPA3 implementations reassemble fragments with non-consecutive packet numbers. An adversary can exploit this vulnerability to exfiltrate selected fragments. This vulnerability is exploitable when another device sends fragmented frames and the WEP, CCMP, or GCMP data-confidentiality protocol is used. Note: WEP is vulnerable to this attack by design. CVE-2020-26146 has been assigned to this vulnerability. A CVSS v3 base score of 5.3 has been assigned; the CVSS vector string is (AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26146"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Hitachi ABB Power Grids recommends updating to firmware v8.9.4.9 or later, which resolves these vulnerabilities. For additional information on these vulnerabilities, including update instructions, please see the Hitachi ABB Power Grids security advisory.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107992A4463\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "vendor_fix",
"details": "Disable the Wi-Fi access on any TropOS unit where local Wi-Fi access is not required. This is achieved by NOT enabling (or disabling) the local access SSID.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Where Wi-Fi access is required, wherever possible ensure physical access to the local area is restricted to approved staff only.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Use the Wi-Fi whitelist capability to restrict Wi-Fi access to only approved personnel.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As the FragAttacks vulnerability is targeted at an end-user device and generally involves redirection to fraudulent websites, the installation of comprehensive firewall capabilities on company end-user devices and servers will significantly reduce the likelihood of negative outcomes.",
"product_ids": [
"CSAFPID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2020-26147",
"cwe": {
"id": "CWE-74",
"name": "Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)"
},
"notes": [
{
"category": "summary",
"text": "The WEP, WPA, WPA2, and WPA3 implementations reassemble fragments even though some of them were sent in plaintext. An adversary can exploit this vulnerability to inject packets and/or exfiltrate selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP data-confidentiality protocol is used. CVE-2020-26147 has been assigned to this vulnerability. A CVSS v3 base score of 5.4 has been calculated; the CVSS vector string is (AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:N).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26147"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Hitachi ABB Power Grids recommends updating to firmware v8.9.4.9 or later, which resolves these vulnerabilities. For additional information on these vulnerabilities, including update instructions, please see the Hitachi ABB Power Grids security advisory.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107992A4463\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "vendor_fix",
"details": "Disable the Wi-Fi access on any TropOS unit where local Wi-Fi access is not required. This is achieved by NOT enabling (or disabling) the local access SSID.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Where Wi-Fi access is required, wherever possible ensure physical access to the local area is restricted to approved staff only.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Use the Wi-Fi whitelist capability to restrict Wi-Fi access to only approved personnel.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "As the FragAttacks vulnerability is targeted at an end-user device and generally involves redirection to fraudulent websites, the installation of comprehensive firewall capabilities on company end-user devices and servers will significantly reduce the likelihood of negative outcomes.",
"product_ids": [
"CSAFPID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001"
]
}
]
}
]
}
ICSA-22-102-04
Vulnerability from csaf_cisa - Published: 2022-04-12 00:00 - Updated: 2022-05-12 00:00
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
GT25-WLAN: Version 01.39.000 and earlier
Mitsubishi Electric / GT25-WLAN
|
<= 01.39.000 |
Mitigation
Mitigation
Mitigation
fix
Mitigation
Mitigation
Mitigation
fix
Mitigation
Mitigation
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
GT25-WLAN: Version 01.39.000 and earlier
Mitsubishi Electric / GT25-WLAN
|
<= 01.39.000 |
Mitigation
Mitigation
Mitigation
fix
Mitigation
Mitigation
Mitigation
fix
Mitigation
Mitigation
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
GT25-WLAN: Version 01.39.000 and earlier
Mitsubishi Electric / GT25-WLAN
|
<= 01.39.000 |
Mitigation
Mitigation
Mitigation
fix
Mitigation
Mitigation
Mitigation
fix
Mitigation
Mitigation
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
GT25-WLAN: Version 01.39.000 and earlier
Mitsubishi Electric / GT25-WLAN
|
<= 01.39.000 |
Mitigation
Mitigation
Mitigation
fix
Mitigation
Mitigation
Mitigation
fix
Mitigation
Mitigation
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
GT25-WLAN: Version 01.39.000 and earlier
Mitsubishi Electric / GT25-WLAN
|
<= 01.39.000 |
Mitigation
Mitigation
Mitigation
fix
Mitigation
Mitigation
Mitigation
fix
Mitigation
Mitigation
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
GT25-WLAN: Version 01.39.000 and earlier
Mitsubishi Electric / GT25-WLAN
|
<= 01.39.000 |
Mitigation
Mitigation
Mitigation
fix
Mitigation
Mitigation
Mitigation
fix
Mitigation
Mitigation
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
GT25-WLAN: Version 01.39.000 and earlier
Mitsubishi Electric / GT25-WLAN
|
<= 01.39.000 |
Mitigation
Mitigation
Mitigation
fix
Mitigation
Mitigation
Mitigation
fix
Mitigation
fix
Mitigation
Mitigation
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
|
{
"document": {
"acknowledgments": [
{
"organization": "Mitsubishi Electric",
"summary": "reporting these vulnerabilities to CISA"
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited",
"tlp": {
"label": "WHITE",
"url": "https://us-cert.cisa.gov/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov",
"title": "CISA Disclaimer"
},
{
"category": "legal_disclaimer",
"text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
"title": "Legal Notice"
},
{
"category": "summary",
"text": "There are multiple vulnerabilities due to design flaws in the frame fragmentation functionality and the frame aggregation functionality in the Wireless Communication Standards IEEE 802.11. These vulnerabilities could allow an attacker to steal communication contents or inject unauthorized packets.",
"title": "Risk evaluation"
},
{
"category": "other",
"text": "Critical Manufacturing",
"title": "Critical infrastructure sectors"
},
{
"category": "other",
"text": "Worldwide",
"title": "Countries/areas deployed"
},
{
"category": "other",
"text": "Japan",
"title": "Company headquarters location"
},
{
"category": "general",
"text": "CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Specifically, users should: Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the Internet; Locate control system networks and remote devices behind firewalls and isolate them from the business network; When remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as its connected devices.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.\nCISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Additional mitigation guidance and recommended practices are publicly available on the ICS webpage on cisa.gov in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.\nOrganizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.",
"title": "Recommended Practices"
},
{
"category": "other",
"text": "No known public exploits specifically target these vulnerabilities.",
"title": "Exploitability"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "Email: CISAservicedesk@cisa.dhs.gov;\n Toll Free: 1-888-282-0870",
"name": "CISA",
"namespace": "https://www.cisa.gov/"
},
"references": [
{
"category": "self",
"summary": "ICS Advisory ICSA-22-102-04 JSON",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2022/icsa-22-102-04.json"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-22-102-04 Web Version",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-102-04"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B"
}
],
"title": "Mitsubishi Electric GT25-WLAN",
"tracking": {
"current_release_date": "2022-05-12T00:00:00.000000Z",
"generator": {
"engine": {
"name": "CISA CSAF Generator",
"version": "1.0.0"
}
},
"id": "ICSA-22-102-04",
"initial_release_date": "2022-04-12T00:00:00.000000Z",
"revision_history": [
{
"date": "2022-04-12T00:00:00.000000Z",
"legacy_version": "Initial",
"number": "1",
"summary": "ICSA-22-102-04 Mitsubishi Electric GT25-WLAN"
},
{
"date": "2022-05-12T00:00:00.000000Z",
"legacy_version": "A",
"number": "2",
"summary": "ICSA-22-102-04 Mitsubishi Electric GT25-WLAN (Update A)"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 01.39.000",
"product": {
"name": "GT25-WLAN: Version 01.39.000 and earlier",
"product_id": "CSAFPID-0001"
}
}
],
"category": "product_name",
"name": "GT25-WLAN"
}
],
"category": "vendor",
"name": "Mitsubishi Electric"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-24586",
"cwe": {
"id": "CWE-212",
"name": "Improper Removal of Sensitive Information Before Storage or Transfer"
},
"notes": [
{
"category": "summary",
"text": "The affected product is vulnerable to a fragment cache attack as it does not clear fragments from memory when (re)connecting. This may allow an attacker to steal communication contents or inject unauthorized packets. CVE-2020-24586 has been assigned to this vulnerability. A CVSS v3 base score of 3.5 has been assigned; the CVSS vector string is (AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24586"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "For users who use the affected products and versions, please update to the fixed versions",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Check the versions in use by referencing GOT2000 Series User\u0027s Manual (Utility) (SH-081195ENG), 6.9 Package Data Management - \u201cProperty operation.\u201d",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "The latest version of the manual is available from Mitsubishi Electric FA Global Website.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.mitsubishielectric.com/fa"
},
{
"category": "mitigation",
"details": "Install system applications (extended function) \u201cWireless LAN\u201d v01.45.000 or later.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Fixed system applications (extended function) \u201cWireless LAN\u201d is included in GT Designer3 Version 1 (GOT2000) v1.275M or later.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Download and install the fixed version of MELSOFT GT Designer3 (GOT2000). Please contact a Mitsubishi Electric representative about MELSOFT GT Designer3 (GOT2000).",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.mitsubishielectric.com/fa/support/index.html"
},
{
"category": "mitigation",
"details": "Start the MELSOFT GT Designer3 (GOT2000) and open the project data used in affected products.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Select [Write to GOT] from [Communication] menu to write the required package data to the GOT. Please refer to \u201c4. COMMUNICATING WITH GOT\u201d in the GT Designer3 (GOT2000) Screen Design Manual (SH-081220ENG).",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.mitsubishielectric.com/fa/products/hmi/got/smerit/gt_works3/manual/index.html"
},
{
"category": "mitigation",
"details": "After writing the required package data to the GOT, refer to the \u201cHow to check the versions in use\u201d and check the fixed versions.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "When using the wireless LAN communication unit as an access point, check if the wireless LAN communication unit settings are as follows.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "For the passphrase used for wireless LAN, avoid settings that can be guessed from the consecutive numbers and MAC address, and set an unpredictable passphrase combining letters and numbers.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Use WPA or WPA2 as the security authentication method for wireless LAN.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Use the IP filter function*1 to restrict the accessible IP addresses. *1- Refer to GT Designer3 (GOT2000) Screen Design Manual (SH-081220ENG) \u201c5.4.3 Setting the IP filter\u201d",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.mitsubishielectric.com/fa/products/hmi/got/smerit/gt_works3/manual/index.html"
},
{
"category": "mitigation",
"details": "When using the wireless LAN communication unit as a station, check if the router settings are as follows: For the passphrase used for wireless LAN, avoid settings that can be guessed from the consecutive numbers and MAC address, and set an unpredictable passphrase combining letters and numbers. Use WPA or WPA2 as the security authentication method for wireless LAN.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "If you change the router settings, hide its presence on the Internet to make unauthorized access difficult (e.g., set it to not respond to PING requests).",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Set a password for the router\u0027s Management portal that is difficult to guess.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Check the following when using a computer or tablet, etc., on the same network.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Update Antivirus software to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Do not open suspicious attachment files or access suspicious linked URLs.",
"product_ids": [
"CSAFPID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2020-24587",
"cwe": {
"id": "CWE-326",
"name": "Inadequate Encryption Strength"
},
"notes": [
{
"category": "summary",
"text": "The affected product is vulnerable to a mixed key attack as it reassembles fragments encrypted under different keys. This may allow an attacker to steal communication contents. CVE-2020-24587 has been assigned to this vulnerability. A CVSS v3 base score of 2.6 has been assigned; the CVSS vector string is (AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24587"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "For users who use the affected products and versions, please update to the fixed versions",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Check the versions in use by referencing GOT2000 Series User\u0027s Manual (Utility) (SH-081195ENG), 6.9 Package Data Management - \u201cProperty operation.\u201d",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "The latest version of the manual is available from Mitsubishi Electric FA Global Website.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.mitsubishielectric.com/fa"
},
{
"category": "mitigation",
"details": "Install system applications (extended function) \u201cWireless LAN\u201d v01.45.000 or later.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Fixed system applications (extended function) \u201cWireless LAN\u201d is included in GT Designer3 Version 1 (GOT2000) v1.275M or later.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Download and install the fixed version of MELSOFT GT Designer3 (GOT2000). Please contact a Mitsubishi Electric representative about MELSOFT GT Designer3 (GOT2000).",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.mitsubishielectric.com/fa/support/index.html"
},
{
"category": "mitigation",
"details": "Start the MELSOFT GT Designer3 (GOT2000) and open the project data used in affected products.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Select [Write to GOT] from [Communication] menu to write the required package data to the GOT. Please refer to \u201c4. COMMUNICATING WITH GOT\u201d in the GT Designer3 (GOT2000) Screen Design Manual (SH-081220ENG).",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.mitsubishielectric.com/fa/products/hmi/got/smerit/gt_works3/manual/index.html"
},
{
"category": "mitigation",
"details": "After writing the required package data to the GOT, refer to the \u201cHow to check the versions in use\u201d and check the fixed versions.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "When using the wireless LAN communication unit as an access point, check if the wireless LAN communication unit settings are as follows.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "For the passphrase used for wireless LAN, avoid settings that can be guessed from the consecutive numbers and MAC address, and set an unpredictable passphrase combining letters and numbers.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Use WPA or WPA2 as the security authentication method for wireless LAN.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Use the IP filter function*1 to restrict the accessible IP addresses. *1- Refer to GT Designer3 (GOT2000) Screen Design Manual (SH-081220ENG) \u201c5.4.3 Setting the IP filter\u201d",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.mitsubishielectric.com/fa/products/hmi/got/smerit/gt_works3/manual/index.html"
},
{
"category": "mitigation",
"details": "When using the wireless LAN communication unit as a station, check if the router settings are as follows: For the passphrase used for wireless LAN, avoid settings that can be guessed from the consecutive numbers and MAC address, and set an unpredictable passphrase combining letters and numbers. Use WPA or WPA2 as the security authentication method for wireless LAN.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "If you change the router settings, hide its presence on the Internet to make unauthorized access difficult (e.g., set it to not respond to PING requests).",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Set a password for the router\u0027s Management portal that is difficult to guess.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Check the following when using a computer or tablet, etc., on the same network.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Update Antivirus software to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Do not open suspicious attachment files or access suspicious linked URLs.",
"product_ids": [
"CSAFPID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.6,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2020-24588",
"cwe": {
"id": "CWE-306",
"name": "Missing Authentication for Critical Function"
},
"notes": [
{
"category": "summary",
"text": "The affected product is vulnerable to an aggregation attack as it accepts non-SPP A-MSDU frames. This may allow an attacker to inject unauthorized packets. CVE-2020-24588 has been assigned to this vulnerability. A CVSS v3 base score of 3.5 has been assigned; the CVSS vector string is (AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24588"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "For users who use the affected products and versions, please update to the fixed versions",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Check the versions in use by referencing GOT2000 Series User\u0027s Manual (Utility) (SH-081195ENG), 6.9 Package Data Management - \u201cProperty operation.\u201d",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "The latest version of the manual is available from Mitsubishi Electric FA Global Website.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.mitsubishielectric.com/fa"
},
{
"category": "mitigation",
"details": "Install system applications (extended function) \u201cWireless LAN\u201d v01.45.000 or later.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Fixed system applications (extended function) \u201cWireless LAN\u201d is included in GT Designer3 Version 1 (GOT2000) v1.275M or later.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Download and install the fixed version of MELSOFT GT Designer3 (GOT2000). Please contact a Mitsubishi Electric representative about MELSOFT GT Designer3 (GOT2000).",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.mitsubishielectric.com/fa/support/index.html"
},
{
"category": "mitigation",
"details": "Start the MELSOFT GT Designer3 (GOT2000) and open the project data used in affected products.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Select [Write to GOT] from [Communication] menu to write the required package data to the GOT. Please refer to \u201c4. COMMUNICATING WITH GOT\u201d in the GT Designer3 (GOT2000) Screen Design Manual (SH-081220ENG).",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.mitsubishielectric.com/fa/products/hmi/got/smerit/gt_works3/manual/index.html"
},
{
"category": "mitigation",
"details": "After writing the required package data to the GOT, refer to the \u201cHow to check the versions in use\u201d and check the fixed versions.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "When using the wireless LAN communication unit as an access point, check if the wireless LAN communication unit settings are as follows.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "For the passphrase used for wireless LAN, avoid settings that can be guessed from the consecutive numbers and MAC address, and set an unpredictable passphrase combining letters and numbers.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Use WPA or WPA2 as the security authentication method for wireless LAN.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Use the IP filter function*1 to restrict the accessible IP addresses. *1- Refer to GT Designer3 (GOT2000) Screen Design Manual (SH-081220ENG) \u201c5.4.3 Setting the IP filter\u201d",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.mitsubishielectric.com/fa/products/hmi/got/smerit/gt_works3/manual/index.html"
},
{
"category": "mitigation",
"details": "When using the wireless LAN communication unit as a station, check if the router settings are as follows: For the passphrase used for wireless LAN, avoid settings that can be guessed from the consecutive numbers and MAC address, and set an unpredictable passphrase combining letters and numbers. Use WPA or WPA2 as the security authentication method for wireless LAN.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "If you change the router settings, hide its presence on the Internet to make it difficult for unauthorized access. (e.g., set to not respond to PING requests).",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Set a password for the router\u0027s Management portal that is difficult to guess.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Check the following when using a computer or tablet, etc., on the same network.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Update Antivirus software to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Do not open or access suspicious attachment file or linked URL.",
"product_ids": [
"CSAFPID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2020-26140",
"cwe": {
"id": "CWE-74",
"name": "Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)"
},
"notes": [
{
"category": "summary",
"text": "The affected product can accept plaintext data frames in a protected network. This may allow an attacker to inject unauthorized packets. CVE-2020-26140 has been assigned to this vulnerability. A CVSS v3 base score of 6.5 has been assigned; the CVSS vector string is (AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26140"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "For users who use the affected products and versions, please update to the fixed versions",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Check the versions in use by referencing GOT2000 Series User\u0027s Manual (Utility) (SH-081195ENG), 6.9 Package Data Management - \u201cProperty operation.\u201d",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "The latest version of the manual is available from Mitsubishi Electric FA Global Website.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.mitsubishielectric.com/fa"
},
{
"category": "mitigation",
"details": "Install system applications (extended function) \u201cWireless LAN\u201d v01.45.000 or later.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Fixed system applications (extended function) \u201cWireless LAN\u201d is included in GT Designer3 Version 1 (GOT2000) v1.275M or later.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Download and install the fixed version of MELSOFT GT Designer3 (GOT2000). Please contact a Mitsubishi Electric representative about MELSOFT GT Designer3 (GOT2000).",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.mitsubishielectric.com/fa/support/index.html"
},
{
"category": "mitigation",
"details": "Start the MELSOFT GT Designer3 (GOT2000) and open the project data used in affected products.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Select [Write to GOT] from [Communication] menu to write the required package data to the GOT. Please refer to \u201c4. COMMUNICATING WITH GOT\u201d in the GT Designer3 (GOT2000) Screen Design Manual (SH-081220ENG).",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.mitsubishielectric.com/fa/products/hmi/got/smerit/gt_works3/manual/index.html"
},
{
"category": "mitigation",
"details": "After writing the required package data to the GOT, refer to the \u201cHow to check the versions in use\u201d and check the fixed versions.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "When using the wireless LAN communication unit as an access point, check if the wireless LAN communication unit settings are as follows.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "For the passphrase used for wireless LAN, avoid settings that can be guessed from the consecutive numbers and MAC address, and set an unpredictable passphrase combining letters and numbers.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Use WPA or WPA2 as the security authentication method for wireless LAN.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Use the IP filter function*1 to restrict the accessible IP addresses. *1- Refer to GT Designer3 (GOT2000) Screen Design Manual (SH-081220ENG) \u201c5.4.3 Setting the IP filter\u201d",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.mitsubishielectric.com/fa/products/hmi/got/smerit/gt_works3/manual/index.html"
},
{
"category": "mitigation",
"details": "When using the wireless LAN communication unit as a station, check if the router settings are as follows: For the passphrase used for wireless LAN, avoid settings that can be guessed from the consecutive numbers and MAC address, and set an unpredictable passphrase combining letters and numbers. Use WPA or WPA2 as the security authentication method for wireless LAN.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "If you change the router settings, hide its presence on the Internet to make it difficult for unauthorized access. (e.g., set to not respond to PING requests).",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Set a password for the router\u0027s Management portal that is difficult to guess.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Check the following when using a computer or tablet, etc., on the same network.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Update Antivirus software to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Do not open or access suspicious attachment file or linked URL.",
"product_ids": [
"CSAFPID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2020-26143",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "The affected product is vulnerable to accepting fragmented plaintext data frames in a protected network. This may allow an attacker to inject unauthorized packets. CVE-2020-26143 has been assigned to this vulnerability. A CVSS v3 base score of 6.5 has been assigned; the CVSS vector string is (AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26143"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "For users who use the affected products and versions, please update to the fixed versions",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Check the versions in use by referencing GOT2000 Series User\u0027s Manual (Utility) (SH-081195ENG), 6.9 Package Data Management - \u201cProperty operation.\u201d",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "The latest version of the manual is available from Mitsubishi Electric FA Global Website.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.mitsubishielectric.com/fa"
},
{
"category": "mitigation",
"details": "Install system applications (extended function) \u201cWireless LAN\u201d v01.45.000 or later.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Fixed system applications (extended function) \u201cWireless LAN\u201d is included in GT Designer3 Version 1 (GOT2000) v1.275M or later.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Download and install the fixed version of MELSOFT GT Designer3 (GOT2000). Please contact a Mitsubishi Electric representative about MELSOFT GT Designer3 (GOT2000).",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.mitsubishielectric.com/fa/support/index.html"
},
{
"category": "mitigation",
"details": "Start the MELSOFT GT Designer3 (GOT2000) and open the project data used in affected products.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Select [Write to GOT] from [Communication] menu to write the required package data to the GOT. Please refer to \u201c4. COMMUNICATING WITH GOT\u201d in the GT Designer3 (GOT2000) Screen Design Manual (SH-081220ENG).",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.mitsubishielectric.com/fa/products/hmi/got/smerit/gt_works3/manual/index.html"
},
{
"category": "mitigation",
"details": "After writing the required package data to the GOT, refer to the \u201cHow to check the versions in use\u201d and check the fixed versions.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "When using the wireless LAN communication unit as an access point, check if the wireless LAN communication unit settings are as follows.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "For the passphrase used for wireless LAN, avoid settings that can be guessed from the consecutive numbers and MAC address, and set an unpredictable passphrase combining letters and numbers.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Use WPA or WPA2 as the security authentication method for wireless LAN.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Use the IP filter function*1 to restrict the accessible IP addresses. *1- Refer to GT Designer3 (GOT2000) Screen Design Manual (SH-081220ENG) \u201c5.4.3 Setting the IP filter\u201d",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.mitsubishielectric.com/fa/products/hmi/got/smerit/gt_works3/manual/index.html"
},
{
"category": "mitigation",
"details": "When using the wireless LAN communication unit as a station, check if the router settings are as follows: For the passphrase used for wireless LAN, avoid settings that can be guessed from the consecutive numbers and MAC address, and set an unpredictable passphrase combining letters and numbers. Use WPA or WPA2 as the security authentication method for wireless LAN.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "If you change the router settings, hide its presence on the Internet to make it difficult for unauthorized access. (e.g., set to not respond to PING requests).",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Set a password for the router\u0027s Management portal that is difficult to guess.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Check the following when using a computer or tablet, etc., on the same network.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Update Antivirus software to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Do not open or access suspicious attachment file or linked URL.",
"product_ids": [
"CSAFPID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2020-26144",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "The affected product can accept plaintext A-MSDU frames that start with an RFC1042 header with EtherType EAPOL in an encrypted network. This may allow an attacker to inject unauthorized packets. CVE-2020-26144 has been assigned to this vulnerability. A CVSS v3 base score of 6.5 has been assigned; the CVSS vector string is (AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26144"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "For users who use the affected products and versions, please update to the fixed versions",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Check the versions in use by referencing GOT2000 Series User\u0027s Manual (Utility) (SH-081195ENG), 6.9 Package Data Management - \u201cProperty operation.\u201d",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "The latest version of the manual is available from Mitsubishi Electric FA Global Website.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.mitsubishielectric.com/fa"
},
{
"category": "mitigation",
"details": "Install system applications (extended function) \u201cWireless LAN\u201d v01.45.000 or later.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Fixed system applications (extended function) \u201cWireless LAN\u201d is included in GT Designer3 Version 1 (GOT2000) v1.275M or later.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Download and install the fixed version of MELSOFT GT Designer3 (GOT2000). Please contact a Mitsubishi Electric representative about MELSOFT GT Designer3 (GOT2000).",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.mitsubishielectric.com/fa/support/index.html"
},
{
"category": "mitigation",
"details": "Start the MELSOFT GT Designer3 (GOT2000) and open the project data used in affected products.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Select [Write to GOT] from [Communication] menu to write the required package data to the GOT. Please refer to \u201c4. COMMUNICATING WITH GOT\u201d in the GT Designer3 (GOT2000) Screen Design Manual (SH-081220ENG).",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.mitsubishielectric.com/fa/products/hmi/got/smerit/gt_works3/manual/index.html"
},
{
"category": "mitigation",
"details": "After writing the required package data to the GOT, refer to the \u201cHow to check the versions in use\u201d and check the fixed versions.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "When using the wireless LAN communication unit as an access point, check if the wireless LAN communication unit settings are as follows.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "For the passphrase used for wireless LAN, avoid settings that can be guessed from the consecutive numbers and MAC address, and set an unpredictable passphrase combining letters and numbers.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Use WPA or WPA2 as the security authentication method for wireless LAN.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Use the IP filter function*1 to restrict the accessible IP addresses. *1- Refer to GT Designer3 (GOT2000) Screen Design Manual (SH-081220ENG) \u201c5.4.3 Setting the IP filter\u201d",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.mitsubishielectric.com/fa/products/hmi/got/smerit/gt_works3/manual/index.html"
},
{
"category": "mitigation",
"details": "When using the wireless LAN communication unit as a station, check if the router settings are as follows: For the passphrase used for wireless LAN, avoid settings that can be guessed from the consecutive numbers and MAC address, and set an unpredictable passphrase combining letters and numbers. Use WPA or WPA2 as the security authentication method for wireless LAN.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "If you change the router settings, hide its presence on the Internet to make it difficult for unauthorized access. (e.g., set to not respond to PING requests).",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Set a password for the router\u0027s Management portal that is difficult to guess.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Check the following when using a computer or tablet, etc., on the same network.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Update Antivirus software to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Do not open or access suspicious attachment file or linked URL.",
"product_ids": [
"CSAFPID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2020-26146",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "The affected product can reassemble encrypted fragments with non-consecutive packet numbers. This may allow an attacker to steal communication contents. CVE-2020-26146 has been assigned to this vulnerability. A CVSS v3 base score of 5.3 has been assigned; the CVSS vector string is (AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26146"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "For users who use the affected products and versions, please update to the fixed versions",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Check the versions in use by referencing GOT2000 Series User\u0027s Manual (Utility) (SH-081195ENG), 6.9 Package Data Management - \u201cProperty operation.\u201d",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "The latest version of the manual is available from Mitsubishi Electric FA Global Website.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.mitsubishielectric.com/fa"
},
{
"category": "mitigation",
"details": "Install system applications (extended function) \u201cWireless LAN\u201d v01.45.000 or later.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Fixed system applications (extended function) \u201cWireless LAN\u201d is included in GT Designer3 Version 1 (GOT2000) v1.275M or later.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "This does not include countermeasures for CVE-2020-26146",
"product_ids": [
"CSAFPID-0001"
],
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26146"
},
{
"category": "mitigation",
"details": "Download and install the fixed version of MELSOFT GT Designer3 (GOT2000). Please contact a Mitsubishi Electric representative about MELSOFT GT Designer3 (GOT2000).",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.mitsubishielectric.com/fa/support/index.html"
},
{
"category": "mitigation",
"details": "Start the MELSOFT GT Designer3 (GOT2000) and open the project data used in affected products.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Select [Write to GOT] from [Communication] menu to write the required package data to the GOT. Please refer to \u201c4. COMMUNICATING WITH GOT\u201d in the GT Designer3 (GOT2000) Screen Design Manual (SH-081220ENG).",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.mitsubishielectric.com/fa/products/hmi/got/smerit/gt_works3/manual/index.html"
},
{
"category": "mitigation",
"details": "After writing the required package data to the GOT, refer to the \u201cHow to check the versions in use\u201d and check the fixed versions.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "When using the wireless LAN communication unit as an access point, check if the wireless LAN communication unit settings are as follows.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "For the passphrase used for wireless LAN, avoid settings that can be guessed from the consecutive numbers and MAC address, and set an unpredictable passphrase combining letters and numbers.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Use WPA or WPA2 as the security authentication method for wireless LAN.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Use the IP filter function*1 to restrict the accessible IP addresses. *1- Refer to GT Designer3 (GOT2000) Screen Design Manual (SH-081220ENG) \u201c5.4.3 Setting the IP filter\u201d",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.mitsubishielectric.com/fa/products/hmi/got/smerit/gt_works3/manual/index.html"
},
{
"category": "mitigation",
"details": "When using the wireless LAN communication unit as a station, check if the router settings are as follows: For the passphrase used for wireless LAN, avoid settings that can be guessed from the consecutive numbers and MAC address, and set an unpredictable passphrase combining letters and numbers. Use WPA or WPA2 as the security authentication method for wireless LAN.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "If you change the router settings, hide its presence on the Internet to make it difficult for unauthorized access. (e.g., set to not respond to PING requests).",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Set a password for the router\u0027s Management portal that is difficult to guess.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Check the following when using a computer or tablet, etc., on the same network.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Update Antivirus software to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Do not open or access suspicious attachment file or linked URL.",
"product_ids": [
"CSAFPID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001"
]
}
]
}
]
}
OPENSUSE-SU-2021:0843-1
Vulnerability from csaf_opensuse - Published: 2021-06-06 08:12 - Updated: 2021-06-06 08:12

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.78.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.78.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-5.3.18-lp152.78.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.78.1.lp152.8.34.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.78.1.lp152.8.34.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.78.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.78.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.78.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.78.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.78.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.78.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.78.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.78.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.78.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.78.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.78.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-source-5.3.18-lp152.78.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.78.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.78.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.78.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.78.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-5.3.18-lp152.78.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.78.1.lp152.8.34.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.78.1.lp152.8.34.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.78.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.78.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.78.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.78.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.78.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.78.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.78.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.78.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.78.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.78.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.78.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-source-5.3.18-lp152.78.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.78.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.78.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.78.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.78.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-5.3.18-lp152.78.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.78.1.lp152.8.34.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.78.1.lp152.8.34.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.78.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.78.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.78.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.78.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.78.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.78.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.78.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.78.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.78.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.78.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.78.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-source-5.3.18-lp152.78.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.78.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.78.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.78.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.78.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-5.3.18-lp152.78.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.78.1.lp152.8.34.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.78.1.lp152.8.34.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.78.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.78.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.78.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.78.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.78.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.78.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.78.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.78.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.78.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.78.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.78.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-source-5.3.18-lp152.78.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.78.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.78.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.78.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.78.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-5.3.18-lp152.78.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.78.1.lp152.8.34.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.78.1.lp152.8.34.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.78.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.78.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.78.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.78.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.78.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.78.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.78.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.78.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.78.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.78.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.78.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-source-5.3.18-lp152.78.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.78.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.78.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.78.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.78.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-5.3.18-lp152.78.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.78.1.lp152.8.34.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.78.1.lp152.8.34.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.78.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.78.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.78.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.78.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.78.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.78.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.78.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.78.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.78.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.78.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.78.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-source-5.3.18-lp152.78.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.78.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.78.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.78.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.78.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-5.3.18-lp152.78.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.78.1.lp152.8.34.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.78.1.lp152.8.34.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.78.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.78.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.78.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.78.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.78.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.78.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.78.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.78.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.78.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.78.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.78.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-source-5.3.18-lp152.78.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.78.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.78.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.78.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.78.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-5.3.18-lp152.78.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.78.1.lp152.8.34.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.78.1.lp152.8.34.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.78.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.78.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.78.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.78.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.78.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.78.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.78.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.78.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.78.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.78.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.78.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-source-5.3.18-lp152.78.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.78.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.78.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.78.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.78.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-5.3.18-lp152.78.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.78.1.lp152.8.34.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.78.1.lp152.8.34.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.78.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.78.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.78.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.78.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.78.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.78.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.78.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.78.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.78.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.78.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.78.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-source-5.3.18-lp152.78.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.78.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.78.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.78.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.78.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-5.3.18-lp152.78.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.78.1.lp152.8.34.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.78.1.lp152.8.34.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.78.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.78.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.78.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.78.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.78.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.78.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.78.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.78.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.78.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.78.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.78.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-source-5.3.18-lp152.78.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.78.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.78.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.78.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.78.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-5.3.18-lp152.78.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.78.1.lp152.8.34.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.78.1.lp152.8.34.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.78.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.78.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.78.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.78.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.78.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.78.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.78.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.78.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.78.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.78.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.78.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-source-5.3.18-lp152.78.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.78.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.78.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.78.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.78.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-5.3.18-lp152.78.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.78.1.lp152.8.34.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.78.1.lp152.8.34.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.78.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.78.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.78.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.78.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.78.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.78.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.78.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.78.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.78.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.78.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.78.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-source-5.3.18-lp152.78.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.78.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.78.1.x86_64 | — |
Vendor Fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel",
"title": "Title of the patch"
},
{
"category": "description",
"text": "The openSUSE Leap 15.2 kernel was updated to receive various security and bugfixes.\n\n\nThe following security bugs were fixed:\n\n- CVE-2021-33200: Enforcing incorrect limits for pointer arithmetic operations by the BPF verifier could be abused to perform out-of-bounds reads and writes in kernel memory (bsc#1186484).\n- CVE-2021-33034: Fixed a use-after-free when destroying an hci_chan. This could lead to writing arbitrary values. (bsc#1186111)\n- CVE-2020-26139: Fixed a denial-of-service when an Access Point (AP) forwards EAPOL frames to other clients even though the sender has not yet successfully authenticated to the AP. (bnc#1186062)\n- CVE-2021-23134: A Use After Free vulnerability in nfc sockets allowed local attackers to elevate their privileges. (bnc#1186060)\n- CVE-2021-3491: Fixed a potential heap overflow in mem_rw(). This vulnerability is related to the PROVIDE_BUFFERS operation, which allowed the MAX_RW_COUNT limit to be bypassed (bsc#1185642).\n- CVE-2021-32399: Fixed a race condition when removing the HCI controller (bnc#1184611).\n- CVE-2020-24586: The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn\u0027t require that received fragments be cleared from memory after (re)connecting to a network. Under the right circumstances this can be abused to inject arbitrary network packets and/or exfiltrate user data (bnc#1185859).\n- CVE-2020-24587: The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn\u0027t require that all fragments of a frame are encrypted under the same key. 
An adversary can abuse this to decrypt selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP encryption key is periodically renewed (bnc#1185859 bnc#1185862).\n- CVE-2020-24588: The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn\u0027t require that the A-MSDU flag in the plaintext QoS header field is authenticated. Against devices that support receiving non-SSP A-MSDU frames (which is mandatory as part of 802.11n), an adversary can abuse this to inject arbitrary network packets. (bnc#1185861)\n- CVE-2020-26147: The WEP, WPA, WPA2, and WPA3 implementations reassemble fragments, even though some of them were sent in plaintext. This vulnerability can be abused to inject packets and/or exfiltrate selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP data-confidentiality protocol is used (bnc#1185859).\n- CVE-2020-26145: An issue was discovered with Samsung Galaxy S3 i9305 4.4.4 devices. The WEP, WPA, WPA2, and WPA3 implementations accept second (or subsequent) broadcast fragments even when sent in plaintext and process them as full unfragmented frames. An adversary can abuse this to inject arbitrary network packets independent of the network configuration. (bnc#1185860)\n- CVE-2020-26141: An issue was discovered in the ALFA driver for AWUS036H, where the Message Integrity Check (authenticity) of fragmented TKIP frames was not verified. An adversary can abuse this to inject and possibly decrypt packets in WPA or WPA2 networks that support the TKIP data-confidentiality protocol. 
(bnc#1185987)\n\nThe following non-security bugs were fixed:\n\n- ACPI / hotplug / PCI: Fix reference count leak in enable_slot() (git-fixes).\n- ACPI: GTDT: Do not corrupt interrupt mappings on watchdow probe failure (git-fixes).\n- ACPI: custom_method: fix a possible memory leak (git-fixes).\n- ACPI: custom_method: fix potential use-after-free issue (git-fixes).\n- ALSA: bebob/oxfw: fix Kconfig entry for Mackie d.2 Pro (git-fixes).\n- ALSA: bebob: enable to deliver MIDI messages for multiple ports (git-fixes).\n- ALSA: dice: fix stream format at middle sampling rate for Alesis iO 26 (git-fixes).\n- ALSA: dice: fix stream format for TC Electronic Konnekt Live at high sampling transfer frequency (git-fixes).\n- ALSA: firewire-lib: fix calculation for size of IR context payload (git-fixes).\n- ALSA: firewire-lib: fix check for the size of isochronous packet payload (git-fixes).\n- ALSA: hda/conexant: Re-order CX5066 quirk table entries (git-fixes).\n- ALSA: hda/realtek: ALC285 Thinkpad jack pin quirk is unreachable (git-fixes).\n- ALSA: hda/realtek: Add some CLOVE SSIDs of ALC293 (git-fixes).\n- ALSA: hda/realtek: Headphone volume is controlled by Front mixer (git-fixes).\n- ALSA: hda/realtek: reset eapd coeff to default value for alc287 (git-fixes).\n- ALSA: hda: fixup headset for ASUS GU502 laptop (git-fixes).\n- ALSA: hda: generic: change the DAC ctl name for LO+SPK or LO+HP (git-fixes).\n- ALSA: hdsp: do not disable if not enabled (git-fixes).\n- ALSA: hdspm: do not disable if not enabled (git-fixes).\n- ALSA: intel8x0: Do not update period unless prepared (git-fixes).\n- ALSA: line6: Fix racy initialization of LINE6 MIDI (git-fixes).\n- ALSA: rme9652: do not disable if not enabled (git-fixes).\n- ALSA: usb-audio: Validate MS endpoint descriptors (git-fixes).\n- ALSA: usb-audio: fix control-request direction (git-fixes).\n- ALSA: usb-audio: scarlett2: Fix device hang with ehci-pci (git-fixes).\n- ALSA: usb-audio: scarlett2: Improve driver startup messages 
(git-fixes).\n- ALSA: usb-audio: scarlett2: snd_scarlett_gen2_controls_create() can be static (git-fixes).\n- ARM64: vdso32: Install vdso32 from vdso_install (git-fixes).\n- ASoC: Intel: bytcr_rt5640: Add quirk for the Chuwi Hi8 tablet (git-fixes).\n- ASoC: Intel: bytcr_rt5640: Enable jack-detect support on Asus T100TAF (git-fixes).\n- ASoC: cs35l33: fix an error code in probe() (git-fixes).\n- ASoC: cs42l42: Regmap must use_single_read/write (git-fixes).\n- ASoC: rsnd: call rsnd_ssi_master_clk_start() from rsnd_ssi_init() (git-fixes).\n- ASoC: rsnd: core: Check convert rate in rsnd_hw_params (git-fixes).\n- ASoC: rt286: Generalize support for ALC3263 codec (git-fixes).\n- ASoC: rt286: Make RT286_SET_GPIO_* readable and writable (git-fixes).\n- Bluetooth: L2CAP: Fix handling LE modes by L2CAP_OPTIONS (git-fixes).\n- Bluetooth: SMP: Fail if remote and local public keys are identical (git-fixes).\n- Bluetooth: Set CONF_NOT_COMPLETE as l2cap_chan default (git-fixes).\n- Bluetooth: check for zapped sk before connecting (git-fixes).\n- Bluetooth: initialize skb_queue_head at l2cap_chan_create() (git-fixes).\n- Drivers: hv: vmbus: Fix Suspend-to-Idle for Generation-2 VM (git-fixes).\n- Drivers: hv: vmbus: Increase wait time for VMbus unload (bsc#1185725).\n- Drivers: hv: vmbus: Initialize unload_event statically (bsc#1185725).\n- Drivers: hv: vmbus: Use after free in __vmbus_open() (git-fixes).\n- Input: elants_i2c - do not bind to i2c-hid compatible ACPI instantiated devices (git-fixes).\n- Input: silead - add workaround for x86 BIOS-es which bring the chip up in a stuck state (git-fixes).\n- KVM: s390: fix guarded storage control register handling (bsc#1133021).\n- Move upstreamed media fixes into sorted section\n- NFC: nci: fix memory leak in nci_allocate_device (git-fixes).\n- PCI/RCEC: Fix RCiEP device to RCEC association (git-fixes).\n- PCI: Allow VPD access for QLogic ISP2722 (git-fixes).\n- PCI: PM: Do not read power state in pci_enable_device_flags() 
(git-fixes).\n- PCI: Release OF node in pci_scan_device()\u0027s error path (git-fixes).\n- PCI: endpoint: Fix missing destroy_workqueue() (git-fixes).\n- PCI: iproc: Fix return value of iproc_msi_irq_domain_alloc() (git-fixes).\n- PCI: thunder: Fix compile testing (git-fixes).\n- PM / devfreq: Use more accurate returned new_freq as resume_freq (git-fixes).\n- RDMA/addr: create addr_wq with WQ_MEM_RECLAIM flag (bsc#1183346).\n- RDMA/core: create ib_cm with WQ_MEM_RECLAIM flag (bsc#1183346).\n- RDMA/hns: Delete redundant abnormal interrupt status (git-fixes).\n- RDMA/hns: Delete redundant condition judgment related to eq (git-fixes).\n- RDMA/qedr: Fix error return code in qedr_iw_connect() (jsc#SLE-8215).\n- RDMA/srpt: Fix error return code in srpt_cm_req_recv() (git-fixes).\n- Revert \u0027arm64: vdso: Fix compilation with clang older than 8\u0027 (git-fixes).\n- Revert \u0027gdrom: fix a memory leak bug\u0027 (git-fixes).\n- Revert \u0027i3c master: fix missing destroy_workqueue() on error in i3c_master_register\u0027 (git-fixes).\n- Revert \u0027leds: lp5523: fix a missing check of return value of lp55xx_read\u0027 (git-fixes).\n- Revert 337f13046ff0 (\u0027futex: Allow FUTEX_CLOCK_REALTIME with FUTEX_WAIT op\u0027) (git-fixes).\n- SUNRPC in case of backlog, hand free slots directly to waiting task (bsc#1185428).\n- SUNRPC: More fixes for backlog congestion (bsc#1185428).\n- USB: Add LPM quirk for Lenovo ThinkPad USB-C Dock Gen2 Ethernet (git-fixes).\n- USB: Add reset-resume quirk for WD19\u0027s Realtek Hub (git-fixes).\n- USB: serial: pl2303: add support for PL2303HXN (bsc#1186320).\n- USB: serial: pl2303: fix line-speed handling on newer chips (bsc#1186320).\n- USB: serial: ti_usb_3410_5052: fix TIOCSSERIAL permission check (git-fixes).\n- USB: trancevibrator: fix control-request direction (git-fixes).\n- amdgpu: avoid incorrect %hu format string (git-fixes).\n- arm64/mm: Fix pfn_valid() for ZONE_DEVICE based memory (git-fixes).\n- arm64: Add missing ISB after 
invalidating TLB in __primary_switch (git-fixes).\n- arm64: avoid -Woverride-init warning (git-fixes).\n- arm64: kasan: fix page_alloc tagging with DEBUG_VIRTUAL (git-fixes).\n- arm64: kdump: update ppos when reading elfcorehdr (git-fixes).\n- arm64: kexec_file: fix memory leakage in create_dtb() when fdt_open_into() fails (git-fixes).\n- arm64: link with -z norelro for LLD or aarch64-elf (git-fixes).\n- arm64: link with -z norelro regardless of CONFIG_RELOCATABLE (git-fixes).\n- arm64: ptrace: Fix seccomp of traced syscall -1 (NO_SYSCALL) (git-fixes).\n- arm64: ptrace: Use NO_SYSCALL instead of -1 in syscall_trace_enter() (git-fixes).\n- arm64: vdso32: make vdso32 install conditional (git-fixes).\n- arm: mm: use __pfn_to_section() to get mem_section (git-fixes).\n- ata: ahci: Disable SXS for Hisilicon Kunpeng920 (git-fixes).\n- blk-iocost: ioc_pd_free() shouldn\u0027t assume irq disabled (git-fixes).\n- blk-mq: Swap two calls in blk_mq_exit_queue() (git-fixes).\n- block/genhd: use atomic_t for disk_event-\u003eblock (bsc#1185497).\n- block: Fix three kernel-doc warnings (git-fixes).\n- block: fix get_max_io_size() (git-fixes).\n- bnxt_en: Fix RX consumer index logic in the error path (git-fixes).\n- bnxt_en: fix ternary sign extension bug in bnxt_show_temp() (git-fixes).\n- bpf: Fix leakage of uninitialized bpf stack under speculation (bsc#1155518).\n- bpf: Fix masking negation logic upon negative dst register (bsc#1155518).\n- btrfs: fix race between transaction aborts and fsyncs leading to use-after-free (bsc#1186441).\n- btrfs: fix race when picking most recent mod log operation for an old root (bsc#1186439).\n- cdc-wdm: untangle a circular dependency between callback and softint (git-fixes).\n- cdrom: gdrom: deallocate struct gdrom_unit fields in remove_gdrom (git-fixes).\n- cdrom: gdrom: initialize global variable at init time (git-fixes).\n- ceph: do not clobber i_snap_caps on non-I_NEW inode (bsc#1186501).\n- ceph: fix inode leak on getattr error in 
__fh_to_dentry (bsc#1186501).\n- ceph: fix up error handling with snapdirs (bsc#1186501).\n- ceph: only check pool permissions for regular files (bsc#1186501).\n- cfg80211: scan: drop entry from hidden_list on overflow (git-fixes).\n- clk: socfpga: arria10: Fix memory leak of socfpga_clk on error return (git-fixes).\n- cpufreq: intel_pstate: Add Icelake servers support in no-HWP mode (bsc#1185758).\n- crypto: api - check for ERR pointers in crypto_destroy_tfm() (git-fixes).\n- crypto: mips/poly1305 - enable for all MIPS processors (git-fixes).\n- crypto: qat - ADF_STATUS_PF_RUNNING should be set after adf_dev_init (git-fixes).\n- crypto: qat - Fix a double free in adf_create_ring (git-fixes).\n- crypto: qat - do not release uninitialized resources (git-fixes).\n- crypto: qat - fix error path in adf_isr_resource_alloc() (git-fixes).\n- crypto: qat - fix unmap invalid dma address (git-fixes).\n- crypto: stm32/cryp - Fix PM reference leak on stm32-cryp.c (git-fixes).\n- crypto: stm32/hash - Fix PM reference leak on stm32-hash.c (git-fixes).\n- cxgb4: Fix unintentional sign extension issues (git-fixes).\n- dm: avoid filesystem lookup in dm_get_dev_t() (git-fixes).\n- dmaengine: dw-edma: Fix crash on loading/unloading driver (git-fixes).\n- docs: kernel-parameters: Add gpio_mockup_named_lines (git-fixes).\n- docs: kernel-parameters: Move gpio-mockup for alphabetic order (git-fixes).\n- drivers: hv: Fix whitespace errors (bsc#1185725).\n- drm/amd/display: Fix UBSAN warning for not a valid value for type \u0027_Bool\u0027 (git-fixes).\n- drm/amd/display: Fix two cursor duplication when using overlay (git-fixes).\n- drm/amd/display: Force vsync flip when reconfiguring MPCC (git-fixes).\n- drm/amd/display: Reject non-zero src_y and src_x for video planes (git-fixes).\n- drm/amd/display: fix dml prefetch validation (git-fixes).\n- drm/amd/display: fixed divide by zero kernel crash during dsc enablement (git-fixes).\n- drm/amdgpu : Fix asic reset regression issue introduce by 
8f211fe8ac7c4f (git-fixes).\n- drm/amdgpu: disable 3DCGCG on picasso/raven1 to avoid compute hang (git-fixes).\n- drm/amdgpu: fix NULL pointer dereference (git-fixes).\n- drm/amdgpu: mask the xgmi number of hops reported from psp to kfd (git-fixes).\n- drm/amdkfd: Fix cat debugfs hang_hws file causes system crash bug (git-fixes).\n- drm/i915: Avoid div-by-zero on gen2 (git-fixes).\n- drm/meson: fix shutdown crash when component not probed (git-fixes).\n- drm/msm/mdp5: Configure PP_SYNC_HEIGHT to double the vtotal (git-fixes).\n- drm/msm/mdp5: Do not multiply vclk line count by 100 (git-fixes).\n- drm/radeon/dpm: Disable sclk switching on Oland when two 4K 60Hz monitors are connected (git-fixes).\n- drm/radeon: Avoid power table parsing memory leaks (git-fixes).\n- drm/radeon: Fix off-by-one power_state index heap overwrite (git-fixes).\n- drm/vkms: fix misuse of WARN_ON (git-fixes).\n- drm: Added orientation quirk for OneGX1 Pro (git-fixes).\n- ethernet:enic: Fix a use after free bug in enic_hard_start_xmit (git-fixes).\n- extcon: arizona: Fix some issues when HPDET IRQ fires after the jack has been unplugged (git-fixes).\n- extcon: arizona: Fix various races on driver unbind (git-fixes).\n- fbdev: zero-fill colormap in fbcmap.c (git-fixes).\n- firmware: arm_scpi: Prevent the ternary sign expansion bug (git-fixes).\n- fs/epoll: restore waking from ep_done_scan() (bsc#1183868).\n- ftrace: Handle commands when closing set_ftrace_filter file (git-fixes).\n- futex: Change utime parameter to be \u0027const ... 
*\u0027 (git-fixes).\n- futex: Do not apply time namespace adjustment on FUTEX_LOCK_PI (bsc#1164648).\n- futex: Get rid of the val2 conditional dance (git-fixes).\n- futex: Make syscall entry points less convoluted (git-fixes).\n- genirq/irqdomain: Do not try to free an interrupt that has no (git-fixes)\n- genirq: Disable interrupts for force threaded handlers (git-fixes)\n- genirq: Reduce irqdebug cacheline bouncing (bsc#1185703 ltc#192641).\n- gpio: xilinx: Correct kernel doc for xgpio_probe() (git-fixes).\n- gpiolib: acpi: Add quirk to ignore EC wakeups on Dell Venue 10 Pro 5055 (git-fixes).\n- hrtimer: Update softirq_expires_next correctly after (git-fixes)\n- hwmon: (occ) Fix poll rate limiting (git-fixes).\n- i2c: Add I2C_AQ_NO_REP_START adapter quirk (git-fixes).\n- i2c: bail out early when RDWR parameters are wrong (git-fixes).\n- i2c: i801: Do not generate an interrupt on bus reset (git-fixes).\n- i2c: s3c2410: fix possible NULL pointer deref on read message after write (git-fixes).\n- i2c: sh_mobile: Use new clock calculation formulas for RZ/G2E (git-fixes).\n- i40e: Fix PHY type identifiers for 2.5G and 5G adapters (git-fixes).\n- i40e: Fix use-after-free in i40e_client_subtask() (git-fixes).\n- i40e: fix broken XDP support (git-fixes).\n- i40e: fix the restart auto-negotiation after FEC modified (git-fixes).\n- ibmvfc: Avoid move login if fast fail is enabled (bsc#1185938 ltc#192043).\n- ibmvfc: Handle move login failure (bsc#1185938 ltc#192043).\n- ibmvfc: Reinit target retries (bsc#1185938 ltc#192043).\n- ibmvnic: remove default label from to_string switch (bsc#1152457 ltc#174432 git-fixes).\n- ics932s401: fix broken handling of errors when word reading fails (git-fixes).\n- iio: adc: ad7124: Fix missbalanced regulator enable / disable on error (git-fixes).\n- iio: adc: ad7124: Fix potential overflow due to non sequential channel numbers (git-fixes).\n- iio: adc: ad7768-1: Fix too small buffer passed to iio_push_to_buffers_with_timestamp() 
(git-fixes).\n- iio: adc: ad7793: Add missing error code in ad7793_setup() (git-fixes).\n- iio: gyro: fxas21002c: balance runtime power in error path (git-fixes).\n- iio: gyro: mpu3050: Fix reported temperature value (git-fixes).\n- iio: proximity: pulsedlight: Fix rumtime PM imbalance on error (git-fixes).\n- iio: tsl2583: Fix division by a zero lux_val (git-fixes).\n- intel_th: Consistency and off-by-one fix (git-fixes).\n- iommu/amd: Add support for map/unmap_resource (jsc#ECO-3482).\n- ipc/mqueue, msg, sem: Avoid relying on a stack reference past its expiry (bsc#1185988).\n- ipmi/watchdog: Stop watchdog timer when the current action is \u0027none\u0027 (bsc#1184855).\n- kernel-docs.spec.in: Build using an utf-8 locale. Sphinx cannot handle UTF-8 input in non-UTF-8 locale.\n- leds: lp5523: check return value of lp5xx_read and jump to cleanup code (git-fixes).\n- lpfc: Decouple port_template and vport_template (bsc#185032).\n- mac80211: clear the beacon\u0027s CRC after channel switch (git-fixes).\n- md-cluster: fix use-after-free issue when removing rdev (bsc#1184082).\n- md/raid1: properly indicate failure when ending a failed write request (bsc#1185680).\n- md: do not flush workqueue unconditionally in md_open (bsc#1184081).\n- md: factor out a mddev_find_locked helper from mddev_find (bsc#1184081).\n- md: md_open returns -EBUSY when entering racing area (bsc#1184081).\n- md: split mddev_find (bsc#1184081).\n- media: adv7604: fix possible use-after-free in adv76xx_remove() (git-fixes).\n- media: drivers: media: pci: sta2x11: fix Kconfig dependency on GPIOLIB (git-fixes).\n- media: dvb-usb: fix memory leak in dvb_usb_adapter_init (git-fixes).\n- media: em28xx: fix memory leak (git-fixes).\n- media: gspca/sq905.c: fix uninitialized variable (git-fixes).\n- media: i2c: adv7511-v4l2: fix possible use-after-free in adv7511_remove() (git-fixes).\n- media: i2c: adv7842: fix possible use-after-free in adv7842_remove() (git-fixes).\n- media: i2c: tda1997: Fix possible 
use-after-free in tda1997x_remove() (git-fixes).\n- media: imx: capture: Return -EPIPE from __capture_legacy_try_fmt() (git-fixes).\n- media: ite-cir: check for receive overflow (git-fixes).\n- media: media/saa7164: fix saa7164_encoder_register() memory leak bugs (git-fixes).\n- media: platform: sti: Fix runtime PM imbalance in regs_show (git-fixes).\n- media: tc358743: fix possible use-after-free in tc358743_remove() (git-fixes).\n- mfd: arizona: Fix rumtime PM imbalance on error (git-fixes).\n- misc/uss720: fix memory leak in uss720_probe (git-fixes).\n- mlxsw: spectrum_mr: Update egress RIF list before route\u0027s action (git-fixes).\n- mmc: block: Update ext_csd.cache_ctrl if it was written (git-fixes).\n- mmc: core: Do a power cycle when the CMD11 fails (git-fixes).\n- mmc: core: Set read only for SD cards with permanent write protect bit (git-fixes).\n- mmc: sdhci-pci-gli: increase 1.8V regulator wait (git-fixes).\n- mmc: sdhci-pci: Add PCI IDs for Intel LKF (git-fixes).\n- mmc: sdhci-pci: Fix initialization of some SD cards for Intel BYT-based controllers (git-fixes).\n- mmc: sdhci: Check for reset prior to DMA address unmap (git-fixes).\n- net, xdp: Update pkt_type if generic XDP changes unicast MAC (git-fixes).\n- net: enetc: fix link error again (git-fixes).\n- net: hns3: Fix for geneve tx checksum bug (git-fixes).\n- net: hns3: add check for HNS3_NIC_STATE_INITED in hns3_reset_notify_up_enet() (git-fixes).\n- net: hns3: clear unnecessary reset request in hclge_reset_rebuild (git-fixes).\n- net: hns3: disable phy loopback setting in hclge_mac_start_phy (git-fixes).\n- net: hns3: fix for vxlan gpe tx checksum bug (git-fixes).\n- net: hns3: fix incorrect configuration for igu_egu_hw_err (git-fixes).\n- net: hns3: initialize the message content in hclge_get_link_mode() (git-fixes).\n- net: hns3: use netif_tx_disable to stop the transmit queue (git-fixes).\n- net: thunderx: Fix unintentional sign extension issue (git-fixes).\n- net: usb: fix memory leak in 
smsc75xx_bind (git-fixes).\n- netdevice: Add missing IFF_PHONY_HEADROOM self-definition (git-fixes).\n- netfilter: conntrack: add new sysctl to disable RST check (bsc#1183947 bsc#1185950).\n- netfilter: conntrack: avoid misleading \u0027invalid\u0027 in log message (bsc#1183947 bsc#1185950).\n- netfilter: conntrack: improve RST handling when tuple is re-used (bsc#1183947 bsc#1185950).\n- nvme-core: add cancel tagset helpers (bsc#1183976).\n- nvme-fabrics: decode host pathing error for connect (bsc#1179827).\n- nvme-fc: check sgl supported by target (bsc#1179827).\n- nvme-fc: clear q_live at beginning of association teardown (bsc#1186479).\n- nvme-fc: return NVME_SC_HOST_ABORTED_CMD when a command has been aborted (bsc#1184259).\n- nvme-fc: set NVME_REQ_CANCELLED in nvme_fc_terminate_exchange() (bsc#1184259).\n- nvme-fc: short-circuit reconnect retries (bsc#1179827).\n- nvme-multipath: fix double initialization of ANA state (bsc#1178612, bsc#1184259).\n- nvme-pci: Remove tag from process cq (git-fixes).\n- nvme-pci: Remove two-pass completions (git-fixes).\n- nvme-pci: Simplify nvme_poll_irqdisable (git-fixes).\n- nvme-pci: align io queue count with allocted nvme_queue in (git-fixes).\n- nvme-pci: avoid race between nvme_reap_pending_cqes() and nvme_poll() (git-fixes).\n- nvme-pci: dma read memory barrier for completions (git-fixes).\n- nvme-pci: fix \u0027slimmer CQ head update\u0027 (git-fixes).\n- nvme-pci: make sure write/poll_queues less or equal then cpu (git-fixes).\n- nvme-pci: remove last_sq_tail (git-fixes).\n- nvme-pci: remove volatile cqes (git-fixes).\n- nvme-pci: slimmer CQ head update (git-fixes).\n- nvme-pci: use simple suspend when a HMB is enabled (git-fixes).\n- nvme-tcp: Fix possible race of io_work and direct send (git-fixes).\n- nvme-tcp: Fix warning with CONFIG_DEBUG_PREEMPT (git-fixes).\n- nvme-tcp: add clean action for failed reconnection (bsc#1183976).\n- nvme-tcp: fix kconfig dependency warning when !CRYPTO (git-fixes).\n- nvme-tcp: fix 
misuse of __smp_processor_id with preemption (git-fixes).\n- nvme-tcp: fix possible hang waiting for icresp response (bsc#1179519).\n- nvme-tcp: use cancel tagset helper for tear down (bsc#1183976).\n- nvme: Fix NULL dereference for pci nvme controllers (bsc#1182378).\n- nvme: add NVME_REQ_CANCELLED flag in nvme_cancel_request() (bsc#1184259).\n- nvme: define constants for identification values (git-fixes).\n- nvme: do not intialize hwmon for discovery controllers (bsc#1184259).\n- nvme: do not intialize hwmon for discovery controllers (git-fixes).\n- nvme: document nvme controller states (git-fixes).\n- nvme: explicitly update mpath disk capacity on revalidation (git-fixes).\n- nvme: expose reconnect_delay and ctrl_loss_tmo via sysfs (bsc#1182378).\n- nvme: fix controller instance leak (git-fixes).\n- nvme: fix deadlock in disconnect during scan_work and/or ana_work (git-fixes).\n- nvme: fix possible deadlock when I/O is blocked (git-fixes).\n- nvme: remove superfluous else in nvme_ctrl_loss_tmo_store (bsc#1182378).\n- nvme: retrigger ANA log update if group descriptor isn\u0027t found (git-fixes)\n- nvme: simplify error logic in nvme_validate_ns() (bsc#1184259).\n- nvmet: fix a memory leak (git-fixes).\n- nvmet: seset ns-\u003efile when open fails (bsc#1183873).\n- nvmet: use new ana_log_size instead the old one (bsc#1184259).\n- nxp-i2c: restore includes for kABI (bsc#1185589).\n- nxp-nci: add NXP1002 id (bsc#1185589).\n- phy: phy-twl4030-usb: Fix possible use-after-free in twl4030_usb_remove() (git-fixes).\n- pinctrl: ingenic: Improve unreachable code generation (git-fixes).\n- pinctrl: samsung: use \u0027int\u0027 for register masks in Exynos (git-fixes).\n- platform/mellanox: mlxbf-tmfifo: Fix a memory barrier issue (git-fixes).\n- platform/x86: intel_pmc_core: Do not use global pmcdev in quirks (git-fixes).\n- platform/x86: thinkpad_acpi: Correct thermal sensor allocation (git-fixes).\n- posix-timers: Preserve return value in clock_adjtime32() (git-fixes)\n- 
power: supply: Use IRQF_ONESHOT (git-fixes).\n- power: supply: generic-adc-battery: fix possible use-after-free in gab_remove() (git-fixes).\n- power: supply: s3c_adc_battery: fix possible use-after-free in s3c_adc_bat_remove() (git-fixes).\n- powerpc/64s: Fix crashes when toggling entry flush barrier (bsc#1177666 git-fixes).\n- powerpc/64s: Fix crashes when toggling stf barrier (bsc#1087082 git-fixes).\n- qtnfmac: Fix possible buffer overflow in qtnf_event_handle_external_auth (git-fixes).\n- rtc: pcf2127: handle timestamp interrupts (bsc#1185495).\n- s390/dasd: fix hanging DASD driver unbind (bsc#1183932 LTC#192153).\n- s390/entry: save the caller of psw_idle (bsc#1185677).\n- s390/kdump: fix out-of-memory with PCI (bsc#1182257 LTC#191375).\n- sched/eas: Do not update misfit status if the task is pinned (git-fixes)\n- sched/fair: Avoid stale CPU util_est value for schedutil in (git-fixes)\n- sched/fair: Fix unfairness caused by missing load decay (git-fixes)\n- scripts/git_sort/git_sort.py: add bpf git repo\n- scsi: core: Run queue in case of I/O resource contention failure (bsc#1186416).\n- scsi: fnic: Kill \u0027exclude_id\u0027 argument to fnic_cleanup_io() (bsc#1179851).\n- scsi: libfc: Avoid invoking response handler twice if ep is already completed (bsc#1186573).\n- scsi: lpfc: Add a option to enable interlocked ABTS before job completion (bsc#1186451).\n- scsi: lpfc: Add ndlp kref accounting for resume RPI path (bsc#1186451).\n- scsi: lpfc: Fix \u0027Unexpected timeout\u0027 error in direct attach topology (bsc#1186451).\n- scsi: lpfc: Fix Node recovery when driver is handling simultaneous PLOGIs (bsc#1186451).\n- scsi: lpfc: Fix bad memory access during VPD DUMP mailbox command (bsc#1186451).\n- scsi: lpfc: Fix crash when lpfc_sli4_hba_setup() fails to initialize the SGLs (bsc#1186451).\n- scsi: lpfc: Fix node handling for Fabric Controller and Domain Controller (bsc#1186451).\n- scsi: lpfc: Fix non-optimized ERSP handling (bsc#1186451).\n- scsi: lpfc: 
Fix unreleased RPIs when NPIV ports are created (bsc#1186451).\n- scsi: lpfc: Ignore GID-FT response that may be received after a link flip (bsc#1186451).\n- scsi: lpfc: Reregister FPIN types if ELS_RDF is received from fabric controller (bsc#1186451).\n- scsi: lpfc: Update lpfc version to 12.8.0.10 (bsc#1186451).\n- sctp: delay auto_asconf init until binding the first addr (\u003ccover.1620748346.git.mkubecek@suse.cz\u003e).\n- serial: core: fix suspicious security_locked_down() call (git-fixes).\n- serial: core: return early on unsupported ioctls (git-fixes).\n- serial: sh-sci: Fix off-by-one error in FIFO threshold register setting (git-fixes).\n- serial: stm32: fix incorrect characters on console (git-fixes).\n- serial: stm32: fix tx_empty condition (git-fixes).\n- serial: tegra: Fix a mask operation that is always true (git-fixes).\n- smc: disallow TCP_ULP in smc_setsockopt() (git-fixes).\n- spi: ath79: always call chipselect function (git-fixes).\n- spi: ath79: remove spi-master setup and cleanup assignment (git-fixes).\n- spi: dln2: Fix reference leak to master (git-fixes).\n- spi: omap-100k: Fix reference leak to master (git-fixes).\n- spi: qup: fix PM reference leak in spi_qup_remove() (git-fixes).\n- spi: spi-fsl-dspi: Fix a resource leak in an error handling path (git-fixes).\n- staging: emxx_udc: fix loop in _nbu2ss_nuke() (git-fixes).\n- staging: iio: cdc: ad7746: avoid overwrite of num_channels (git-fixes).\n- tcp: fix to update snd_wl1 in bulk receiver fast path (\u003ccover.1620748346.git.mkubecek@suse.cz\u003e).\n- thermal/drivers/ti-soc-thermal/bandgap Remove unused variable \u0027val\u0027 (git-fixes).\n- thunderbolt: dma_port: Fix NVM read buffer bounds and offset issue (git-fixes).\n- tracing: Map all PIDs to command lines (git-fixes).\n- tty: amiserial: fix TIOCSSERIAL permission check (git-fixes).\n- tty: fix memory leak in vc_deallocate (git-fixes).\n- tty: moxa: fix TIOCSSERIAL jiffies conversions (git-fixes).\n- tty: moxa: fix 
TIOCSSERIAL permission check (git-fixes).\n- uio: uio_hv_generic: use devm_kzalloc() for private data alloc (git-fixes).\n- uio_hv_generic: Fix a memory leak in error handling paths (git-fixes).\n- uio_hv_generic: Fix another memory leak in error handling paths (git-fixes).\n- uio_hv_generic: add missed sysfs_remove_bin_file (git-fixes).\n- usb: core: hub: Fix PM reference leak in usb_port_resume() (git-fixes).\n- usb: core: hub: fix race condition about TRSMRCY of resume (git-fixes).\n- usb: dwc2: Fix gadget DMA unmap direction (git-fixes).\n- usb: dwc3: gadget: Enable suspend events (git-fixes).\n- usb: dwc3: gadget: Return success always for kick transfer in ep queue (git-fixes).\n- usb: dwc3: omap: improve extcon initialization (git-fixes).\n- usb: dwc3: pci: Enable usb2-gadget-lpm-disable for Intel Merrifield (git-fixes).\n- usb: fotg210-hcd: Fix an error message (git-fixes).\n- usb: gadget/function/f_fs string table fix for multiple languages (git-fixes).\n- usb: gadget: dummy_hcd: fix gpf in gadget_setup (git-fixes).\n- usb: gadget: f_uac1: validate input parameters (git-fixes).\n- usb: gadget: f_uac2: validate input parameters (git-fixes).\n- usb: gadget: udc: renesas_usb3: Fix a race in usb3_start_pipen() (git-fixes).\n- usb: gadget: uvc: add bInterval checking for HS mode (git-fixes).\n- usb: musb: fix PM reference leak in musb_irq_work() (git-fixes).\n- usb: sl811-hcd: improve misleading indentation (git-fixes).\n- usb: webcam: Invalid size of Processing Unit Descriptor (git-fixes).\n- usb: xhci: Fix port minor revision (git-fixes).\n- usb: xhci: Increase timeout for HC halt (git-fixes).\n- vgacon: Record video mode changes with VT_RESIZEX (git-fixes).\n- video: hyperv_fb: Add ratelimit on error message (bsc#1185725).\n- vrf: fix a comment about loopback device (git-fixes).\n- watchdog/softlockup: Remove obsolete check of last reported task (bsc#1185982).\n- watchdog/softlockup: report the overall time of softlockups (bsc#1185982).\n- watchdog: 
explicitly update timestamp when reporting softlockup (bsc#1185982).\n- watchdog: rename __touch_watchdog() to a better descriptive name (bsc#1185982).\n- whitespace cleanup\n- wl3501_cs: Fix out-of-bounds warnings in wl3501_mgmt_join (git-fixes).\n- wl3501_cs: Fix out-of-bounds warnings in wl3501_send_pkt (git-fixes).\n- workqueue: Minor follow-ups to the rescuer destruction change (bsc#1185911).\n- workqueue: more destroy_workqueue() fixes (bsc#1185911).\n- x86/cpu: Initialize MSR_TSC_AUX if RDTSCP *or* RDPID is supported (bsc#1152489).\n- xhci: Do not use GFP_KERNEL in (potentially) atomic context (git-fixes).\n- xhci: check control context is valid before dereferencing it (git-fixes).\n- xhci: fix potential array out of bounds with several interrupters (git-fixes).\n- xsk: Respect device\u0027s headroom and tailroom on generic xmit path (git-fixes).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2021-843",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2021_0843-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2021:0843-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/QHZZYSYX2W3FJK73UGT72F2DQ37IKCJY/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2021:0843-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/QHZZYSYX2W3FJK73UGT72F2DQ37IKCJY/"
},
{
"category": "self",
"summary": "SUSE Bug 1087082",
"url": "https://bugzilla.suse.com/1087082"
},
{
"category": "self",
"summary": "SUSE Bug 1133021",
"url": "https://bugzilla.suse.com/1133021"
},
{
"category": "self",
"summary": "SUSE Bug 1152457",
"url": "https://bugzilla.suse.com/1152457"
},
{
"category": "self",
"summary": "SUSE Bug 1152489",
"url": "https://bugzilla.suse.com/1152489"
},
{
"category": "self",
"summary": "SUSE Bug 1155518",
"url": "https://bugzilla.suse.com/1155518"
},
{
"category": "self",
"summary": "SUSE Bug 1156395",
"url": "https://bugzilla.suse.com/1156395"
},
{
"category": "self",
"summary": "SUSE Bug 1164648",
"url": "https://bugzilla.suse.com/1164648"
},
{
"category": "self",
"summary": "SUSE Bug 1177666",
"url": "https://bugzilla.suse.com/1177666"
},
{
"category": "self",
"summary": "SUSE Bug 1178418",
"url": "https://bugzilla.suse.com/1178418"
},
{
"category": "self",
"summary": "SUSE Bug 1179519",
"url": "https://bugzilla.suse.com/1179519"
},
{
"category": "self",
"summary": "SUSE Bug 1179827",
"url": "https://bugzilla.suse.com/1179827"
},
{
"category": "self",
"summary": "SUSE Bug 1179851",
"url": "https://bugzilla.suse.com/1179851"
},
{
"category": "self",
"summary": "SUSE Bug 1182378",
"url": "https://bugzilla.suse.com/1182378"
},
{
"category": "self",
"summary": "SUSE Bug 1182999",
"url": "https://bugzilla.suse.com/1182999"
},
{
"category": "self",
"summary": "SUSE Bug 1183346",
"url": "https://bugzilla.suse.com/1183346"
},
{
"category": "self",
"summary": "SUSE Bug 1183976",
"url": "https://bugzilla.suse.com/1183976"
},
{
"category": "self",
"summary": "SUSE Bug 1184259",
"url": "https://bugzilla.suse.com/1184259"
},
{
"category": "self",
"summary": "SUSE Bug 1185428",
"url": "https://bugzilla.suse.com/1185428"
},
{
"category": "self",
"summary": "SUSE Bug 1185495",
"url": "https://bugzilla.suse.com/1185495"
},
{
"category": "self",
"summary": "SUSE Bug 1185589",
"url": "https://bugzilla.suse.com/1185589"
},
{
"category": "self",
"summary": "SUSE Bug 1185645",
"url": "https://bugzilla.suse.com/1185645"
},
{
"category": "self",
"summary": "SUSE Bug 1185703",
"url": "https://bugzilla.suse.com/1185703"
},
{
"category": "self",
"summary": "SUSE Bug 1185725",
"url": "https://bugzilla.suse.com/1185725"
},
{
"category": "self",
"summary": "SUSE Bug 1185758",
"url": "https://bugzilla.suse.com/1185758"
},
{
"category": "self",
"summary": "SUSE Bug 1185861",
"url": "https://bugzilla.suse.com/1185861"
},
{
"category": "self",
"summary": "SUSE Bug 1185863",
"url": "https://bugzilla.suse.com/1185863"
},
{
"category": "self",
"summary": "SUSE Bug 1185911",
"url": "https://bugzilla.suse.com/1185911"
},
{
"category": "self",
"summary": "SUSE Bug 1185938",
"url": "https://bugzilla.suse.com/1185938"
},
{
"category": "self",
"summary": "SUSE Bug 1185982",
"url": "https://bugzilla.suse.com/1185982"
},
{
"category": "self",
"summary": "SUSE Bug 1186320",
"url": "https://bugzilla.suse.com/1186320"
},
{
"category": "self",
"summary": "SUSE Bug 1186416",
"url": "https://bugzilla.suse.com/1186416"
},
{
"category": "self",
"summary": "SUSE Bug 1186439",
"url": "https://bugzilla.suse.com/1186439"
},
{
"category": "self",
"summary": "SUSE Bug 1186460",
"url": "https://bugzilla.suse.com/1186460"
},
{
"category": "self",
"summary": "SUSE Bug 1186484",
"url": "https://bugzilla.suse.com/1186484"
},
{
"category": "self",
"summary": "SUSE Bug 1186573",
"url": "https://bugzilla.suse.com/1186573"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-24586 page",
"url": "https://www.suse.com/security/cve/CVE-2020-24586/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-24587 page",
"url": "https://www.suse.com/security/cve/CVE-2020-24587/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-24588 page",
"url": "https://www.suse.com/security/cve/CVE-2020-24588/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-26139 page",
"url": "https://www.suse.com/security/cve/CVE-2020-26139/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-26141 page",
"url": "https://www.suse.com/security/cve/CVE-2020-26141/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-26145 page",
"url": "https://www.suse.com/security/cve/CVE-2020-26145/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-26147 page",
"url": "https://www.suse.com/security/cve/CVE-2020-26147/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-23134 page",
"url": "https://www.suse.com/security/cve/CVE-2021-23134/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-32399 page",
"url": "https://www.suse.com/security/cve/CVE-2021-32399/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-33034 page",
"url": "https://www.suse.com/security/cve/CVE-2021-33034/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-33200 page",
"url": "https://www.suse.com/security/cve/CVE-2021-33200/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-3491 page",
"url": "https://www.suse.com/security/cve/CVE-2021-3491/"
}
],
"title": "Security update for the Linux Kernel",
"tracking": {
"current_release_date": "2021-06-06T08:12:41Z",
"generator": {
"date": "2021-06-06T08:12:41Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2021:0843-1",
"initial_release_date": "2021-06-06T08:12:41Z",
"revision_history": [
{
"date": "2021-06-06T08:12:41Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-devel-5.3.18-lp152.78.1.noarch",
"product": {
"name": "kernel-devel-5.3.18-lp152.78.1.noarch",
"product_id": "kernel-devel-5.3.18-lp152.78.1.noarch"
}
},
{
"category": "product_version",
"name": "kernel-docs-5.3.18-lp152.78.1.noarch",
"product": {
"name": "kernel-docs-5.3.18-lp152.78.1.noarch",
"product_id": "kernel-docs-5.3.18-lp152.78.1.noarch"
}
},
{
"category": "product_version",
"name": "kernel-docs-html-5.3.18-lp152.78.1.noarch",
"product": {
"name": "kernel-docs-html-5.3.18-lp152.78.1.noarch",
"product_id": "kernel-docs-html-5.3.18-lp152.78.1.noarch"
}
},
{
"category": "product_version",
"name": "kernel-macros-5.3.18-lp152.78.1.noarch",
"product": {
"name": "kernel-macros-5.3.18-lp152.78.1.noarch",
"product_id": "kernel-macros-5.3.18-lp152.78.1.noarch"
}
},
{
"category": "product_version",
"name": "kernel-source-5.3.18-lp152.78.1.noarch",
"product": {
"name": "kernel-source-5.3.18-lp152.78.1.noarch",
"product_id": "kernel-source-5.3.18-lp152.78.1.noarch"
}
},
{
"category": "product_version",
"name": "kernel-source-vanilla-5.3.18-lp152.78.1.noarch",
"product": {
"name": "kernel-source-vanilla-5.3.18-lp152.78.1.noarch",
"product_id": "kernel-source-vanilla-5.3.18-lp152.78.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-debug-5.3.18-lp152.78.1.x86_64",
"product": {
"name": "kernel-debug-5.3.18-lp152.78.1.x86_64",
"product_id": "kernel-debug-5.3.18-lp152.78.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-debug-devel-5.3.18-lp152.78.1.x86_64",
"product": {
"name": "kernel-debug-devel-5.3.18-lp152.78.1.x86_64",
"product_id": "kernel-debug-devel-5.3.18-lp152.78.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-default-5.3.18-lp152.78.1.x86_64",
"product": {
"name": "kernel-default-5.3.18-lp152.78.1.x86_64",
"product_id": "kernel-default-5.3.18-lp152.78.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-default-base-5.3.18-lp152.78.1.lp152.8.34.1.x86_64",
"product": {
"name": "kernel-default-base-5.3.18-lp152.78.1.lp152.8.34.1.x86_64",
"product_id": "kernel-default-base-5.3.18-lp152.78.1.lp152.8.34.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-default-base-rebuild-5.3.18-lp152.78.1.lp152.8.34.1.x86_64",
"product": {
"name": "kernel-default-base-rebuild-5.3.18-lp152.78.1.lp152.8.34.1.x86_64",
"product_id": "kernel-default-base-rebuild-5.3.18-lp152.78.1.lp152.8.34.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-default-devel-5.3.18-lp152.78.1.x86_64",
"product": {
"name": "kernel-default-devel-5.3.18-lp152.78.1.x86_64",
"product_id": "kernel-default-devel-5.3.18-lp152.78.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-kvmsmall-5.3.18-lp152.78.1.x86_64",
"product": {
"name": "kernel-kvmsmall-5.3.18-lp152.78.1.x86_64",
"product_id": "kernel-kvmsmall-5.3.18-lp152.78.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-kvmsmall-devel-5.3.18-lp152.78.1.x86_64",
"product": {
"name": "kernel-kvmsmall-devel-5.3.18-lp152.78.1.x86_64",
"product_id": "kernel-kvmsmall-devel-5.3.18-lp152.78.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-obs-build-5.3.18-lp152.78.1.x86_64",
"product": {
"name": "kernel-obs-build-5.3.18-lp152.78.1.x86_64",
"product_id": "kernel-obs-build-5.3.18-lp152.78.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-obs-qa-5.3.18-lp152.78.1.x86_64",
"product": {
"name": "kernel-obs-qa-5.3.18-lp152.78.1.x86_64",
"product_id": "kernel-obs-qa-5.3.18-lp152.78.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-preempt-5.3.18-lp152.78.1.x86_64",
"product": {
"name": "kernel-preempt-5.3.18-lp152.78.1.x86_64",
"product_id": "kernel-preempt-5.3.18-lp152.78.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-preempt-devel-5.3.18-lp152.78.1.x86_64",
"product": {
"name": "kernel-preempt-devel-5.3.18-lp152.78.1.x86_64",
"product_id": "kernel-preempt-devel-5.3.18-lp152.78.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-syms-5.3.18-lp152.78.1.x86_64",
"product": {
"name": "kernel-syms-5.3.18-lp152.78.1.x86_64",
"product_id": "kernel-syms-5.3.18-lp152.78.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.2",
"product": {
"name": "openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.2"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-debug-5.3.18-lp152.78.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.78.1.x86_64"
},
"product_reference": "kernel-debug-5.3.18-lp152.78.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-debug-devel-5.3.18-lp152.78.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.78.1.x86_64"
},
"product_reference": "kernel-debug-devel-5.3.18-lp152.78.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-5.3.18-lp152.78.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:kernel-default-5.3.18-lp152.78.1.x86_64"
},
"product_reference": "kernel-default-5.3.18-lp152.78.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-base-5.3.18-lp152.78.1.lp152.8.34.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.78.1.lp152.8.34.1.x86_64"
},
"product_reference": "kernel-default-base-5.3.18-lp152.78.1.lp152.8.34.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-base-rebuild-5.3.18-lp152.78.1.lp152.8.34.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.78.1.lp152.8.34.1.x86_64"
},
"product_reference": "kernel-default-base-rebuild-5.3.18-lp152.78.1.lp152.8.34.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-devel-5.3.18-lp152.78.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.78.1.x86_64"
},
"product_reference": "kernel-default-devel-5.3.18-lp152.78.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-devel-5.3.18-lp152.78.1.noarch as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.78.1.noarch"
},
"product_reference": "kernel-devel-5.3.18-lp152.78.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-docs-5.3.18-lp152.78.1.noarch as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.78.1.noarch"
},
"product_reference": "kernel-docs-5.3.18-lp152.78.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-docs-html-5.3.18-lp152.78.1.noarch as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.78.1.noarch"
},
"product_reference": "kernel-docs-html-5.3.18-lp152.78.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-kvmsmall-5.3.18-lp152.78.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.78.1.x86_64"
},
"product_reference": "kernel-kvmsmall-5.3.18-lp152.78.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-kvmsmall-devel-5.3.18-lp152.78.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.78.1.x86_64"
},
"product_reference": "kernel-kvmsmall-devel-5.3.18-lp152.78.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-macros-5.3.18-lp152.78.1.noarch as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.78.1.noarch"
},
"product_reference": "kernel-macros-5.3.18-lp152.78.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-obs-build-5.3.18-lp152.78.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.78.1.x86_64"
},
"product_reference": "kernel-obs-build-5.3.18-lp152.78.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-obs-qa-5.3.18-lp152.78.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.78.1.x86_64"
},
"product_reference": "kernel-obs-qa-5.3.18-lp152.78.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-preempt-5.3.18-lp152.78.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.78.1.x86_64"
},
"product_reference": "kernel-preempt-5.3.18-lp152.78.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-preempt-devel-5.3.18-lp152.78.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.78.1.x86_64"
},
"product_reference": "kernel-preempt-devel-5.3.18-lp152.78.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-5.3.18-lp152.78.1.noarch as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:kernel-source-5.3.18-lp152.78.1.noarch"
},
"product_reference": "kernel-source-5.3.18-lp152.78.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-vanilla-5.3.18-lp152.78.1.noarch as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.78.1.noarch"
},
"product_reference": "kernel-source-vanilla-5.3.18-lp152.78.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-syms-5.3.18-lp152.78.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.78.1.x86_64"
},
"product_reference": "kernel-syms-5.3.18-lp152.78.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-24586",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-24586"
}
],
"notes": [
{
"category": "general",
"text": "The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn\u0027t require that received fragments be cleared from memory after (re)connecting to a network. Under the right circumstances, when another device sends fragmented frames encrypted using WEP, CCMP, or GCMP, this can be abused to inject arbitrary network packets and/or exfiltrate user data.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-default-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.78.1.lp152.8.34.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.78.1.lp152.8.34.1.x86_64",
"openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-source-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.78.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-24586",
"url": "https://www.suse.com/security/cve/CVE-2020-24586"
},
{
"category": "external",
"summary": "SUSE Bug 1185859 for CVE-2020-24586",
"url": "https://bugzilla.suse.com/1185859"
},
{
"category": "external",
"summary": "SUSE Bug 1192868 for CVE-2020-24586",
"url": "https://bugzilla.suse.com/1192868"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-default-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.78.1.lp152.8.34.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.78.1.lp152.8.34.1.x86_64",
"openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-source-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.78.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-default-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.78.1.lp152.8.34.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.78.1.lp152.8.34.1.x86_64",
"openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-source-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.78.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-06-06T08:12:41Z",
"details": "moderate"
}
],
"title": "CVE-2020-24586"
},
{
"cve": "CVE-2020-24587",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-24587"
}
],
"notes": [
{
"category": "general",
"text": "The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn\u0027t require that all fragments of a frame are encrypted under the same key. An adversary can abuse this to decrypt selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP encryption key is periodically renewed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-default-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.78.1.lp152.8.34.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.78.1.lp152.8.34.1.x86_64",
"openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-source-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.78.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-24587",
"url": "https://www.suse.com/security/cve/CVE-2020-24587"
},
{
"category": "external",
"summary": "SUSE Bug 1185859 for CVE-2020-24587",
"url": "https://bugzilla.suse.com/1185859"
},
{
"category": "external",
"summary": "SUSE Bug 1185862 for CVE-2020-24587",
"url": "https://bugzilla.suse.com/1185862"
},
{
"category": "external",
"summary": "SUSE Bug 1192868 for CVE-2020-24587",
"url": "https://bugzilla.suse.com/1192868"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-default-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.78.1.lp152.8.34.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.78.1.lp152.8.34.1.x86_64",
"openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-source-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.78.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-default-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.78.1.lp152.8.34.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.78.1.lp152.8.34.1.x86_64",
"openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-source-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.78.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-06-06T08:12:41Z",
"details": "moderate"
}
],
"title": "CVE-2020-24587"
},
{
"cve": "CVE-2020-24588",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-24588"
}
],
"notes": [
{
"category": "general",
"text": "The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn\u0027t require that the A-MSDU flag in the plaintext QoS header field is authenticated. Against devices that support receiving non-SSP A-MSDU frames (which is mandatory as part of 802.11n), an adversary can abuse this to inject arbitrary network packets.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-default-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.78.1.lp152.8.34.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.78.1.lp152.8.34.1.x86_64",
"openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-source-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.78.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-24588",
"url": "https://www.suse.com/security/cve/CVE-2020-24588"
},
{
"category": "external",
"summary": "SUSE Bug 1185861 for CVE-2020-24588",
"url": "https://bugzilla.suse.com/1185861"
},
{
"category": "external",
"summary": "SUSE Bug 1192868 for CVE-2020-24588",
"url": "https://bugzilla.suse.com/1192868"
},
{
"category": "external",
"summary": "SUSE Bug 1199701 for CVE-2020-24588",
"url": "https://bugzilla.suse.com/1199701"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-default-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.78.1.lp152.8.34.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.78.1.lp152.8.34.1.x86_64",
"openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-source-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.78.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-default-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.78.1.lp152.8.34.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.78.1.lp152.8.34.1.x86_64",
"openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-source-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.78.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-06-06T08:12:41Z",
"details": "moderate"
}
],
"title": "CVE-2020-24588"
},
{
"cve": "CVE-2020-26139",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-26139"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in the kernel in NetBSD 7.1. An Access Point (AP) forwards EAPOL frames to other clients even though the sender has not yet successfully authenticated to the AP. This might be abused in protected Wi-Fi networks to launch denial-of-service attacks against connected clients and makes it easier to exploit other vulnerabilities in connected clients.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-default-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.78.1.lp152.8.34.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.78.1.lp152.8.34.1.x86_64",
"openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-source-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.78.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-26139",
"url": "https://www.suse.com/security/cve/CVE-2020-26139"
},
{
"category": "external",
"summary": "SUSE Bug 1186062 for CVE-2020-26139",
"url": "https://bugzilla.suse.com/1186062"
},
{
"category": "external",
"summary": "SUSE Bug 1192868 for CVE-2020-26139",
"url": "https://bugzilla.suse.com/1192868"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-default-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.78.1.lp152.8.34.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.78.1.lp152.8.34.1.x86_64",
"openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-source-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.78.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-default-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.78.1.lp152.8.34.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.78.1.lp152.8.34.1.x86_64",
"openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-source-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.78.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-06-06T08:12:41Z",
"details": "moderate"
}
],
"title": "CVE-2020-26139"
},
{
"cve": "CVE-2020-26141",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-26141"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in the ALFA Windows 10 driver 6.1316.1209 for AWUS036H. The Wi-Fi implementation does not verify the Message Integrity Check (authenticity) of fragmented TKIP frames. An adversary can abuse this to inject and possibly decrypt packets in WPA or WPA2 networks that support the TKIP data-confidentiality protocol.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-default-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.78.1.lp152.8.34.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.78.1.lp152.8.34.1.x86_64",
"openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-source-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.78.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-26141",
"url": "https://www.suse.com/security/cve/CVE-2020-26141"
},
{
"category": "external",
"summary": "SUSE Bug 1185987 for CVE-2020-26141",
"url": "https://bugzilla.suse.com/1185987"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-default-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.78.1.lp152.8.34.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.78.1.lp152.8.34.1.x86_64",
"openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-source-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.78.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-default-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.78.1.lp152.8.34.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.78.1.lp152.8.34.1.x86_64",
"openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-source-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.78.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-06-06T08:12:41Z",
"details": "moderate"
}
],
"title": "CVE-2020-26141"
},
{
"cve": "CVE-2020-26145",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-26145"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 devices. The WEP, WPA, WPA2, and WPA3 implementations accept second (or subsequent) broadcast fragments even when sent in plaintext and process them as full unfragmented frames. An adversary can abuse this to inject arbitrary network packets independent of the network configuration.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-default-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.78.1.lp152.8.34.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.78.1.lp152.8.34.1.x86_64",
"openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-source-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.78.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-26145",
"url": "https://www.suse.com/security/cve/CVE-2020-26145"
},
{
"category": "external",
"summary": "SUSE Bug 1185860 for CVE-2020-26145",
"url": "https://bugzilla.suse.com/1185860"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-default-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.78.1.lp152.8.34.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.78.1.lp152.8.34.1.x86_64",
"openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-source-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.78.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-default-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.78.1.lp152.8.34.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.78.1.lp152.8.34.1.x86_64",
"openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-source-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.78.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-06-06T08:12:41Z",
"details": "moderate"
}
],
"title": "CVE-2020-26145"
},
{
"cve": "CVE-2020-26147",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-26147"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in the Linux kernel 5.8.9. The WEP, WPA, WPA2, and WPA3 implementations reassemble fragments even though some of them were sent in plaintext. This vulnerability can be abused to inject packets and/or exfiltrate selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP data-confidentiality protocol is used.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-default-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.78.1.lp152.8.34.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.78.1.lp152.8.34.1.x86_64",
"openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-source-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.78.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-26147",
"url": "https://www.suse.com/security/cve/CVE-2020-26147"
},
{
"category": "external",
"summary": "SUSE Bug 1233723 for CVE-2020-26147",
"url": "https://bugzilla.suse.com/1233723"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-default-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.78.1.lp152.8.34.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.78.1.lp152.8.34.1.x86_64",
"openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-source-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.78.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-default-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.78.1.lp152.8.34.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.78.1.lp152.8.34.1.x86_64",
"openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-source-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.78.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-06-06T08:12:41Z",
"details": "moderate"
}
],
"title": "CVE-2020-26147"
},
{
"cve": "CVE-2021-23134",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-23134"
}
],
"notes": [
{
"category": "general",
"text": "Use After Free vulnerability in nfc sockets in the Linux Kernel before 5.12.4 allows local attackers to elevate their privileges. In typical configurations, the issue can only be triggered by a privileged local user with the CAP_NET_RAW capability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-default-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.78.1.lp152.8.34.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.78.1.lp152.8.34.1.x86_64",
"openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-source-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.78.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-23134",
"url": "https://www.suse.com/security/cve/CVE-2021-23134"
},
{
"category": "external",
"summary": "SUSE Bug 1186060 for CVE-2021-23134",
"url": "https://bugzilla.suse.com/1186060"
},
{
"category": "external",
"summary": "SUSE Bug 1186061 for CVE-2021-23134",
"url": "https://bugzilla.suse.com/1186061"
},
{
"category": "external",
"summary": "SUSE Bug 1220739 for CVE-2021-23134",
"url": "https://bugzilla.suse.com/1220739"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-default-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.78.1.lp152.8.34.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.78.1.lp152.8.34.1.x86_64",
"openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-source-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.78.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-default-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.78.1.lp152.8.34.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.78.1.lp152.8.34.1.x86_64",
"openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-source-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.78.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-06-06T08:12:41Z",
"details": "important"
}
],
"title": "CVE-2021-23134"
},
{
"cve": "CVE-2021-32399",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-32399"
}
],
"notes": [
{
"category": "general",
"text": "net/bluetooth/hci_request.c in the Linux kernel through 5.12.2 has a race condition for removal of the HCI controller.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-default-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.78.1.lp152.8.34.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.78.1.lp152.8.34.1.x86_64",
"openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-source-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.78.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-32399",
"url": "https://www.suse.com/security/cve/CVE-2021-32399"
},
{
"category": "external",
"summary": "SUSE Bug 1184611 for CVE-2021-32399",
"url": "https://bugzilla.suse.com/1184611"
},
{
"category": "external",
"summary": "SUSE Bug 1185898 for CVE-2021-32399",
"url": "https://bugzilla.suse.com/1185898"
},
{
"category": "external",
"summary": "SUSE Bug 1185899 for CVE-2021-32399",
"url": "https://bugzilla.suse.com/1185899"
},
{
"category": "external",
"summary": "SUSE Bug 1196174 for CVE-2021-32399",
"url": "https://bugzilla.suse.com/1196174"
},
{
"category": "external",
"summary": "SUSE Bug 1200084 for CVE-2021-32399",
"url": "https://bugzilla.suse.com/1200084"
},
{
"category": "external",
"summary": "SUSE Bug 1201734 for CVE-2021-32399",
"url": "https://bugzilla.suse.com/1201734"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-default-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.78.1.lp152.8.34.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.78.1.lp152.8.34.1.x86_64",
"openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-source-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.78.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-default-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.78.1.lp152.8.34.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.78.1.lp152.8.34.1.x86_64",
"openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-source-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.78.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-06-06T08:12:41Z",
"details": "important"
}
],
"title": "CVE-2021-32399"
},
{
"cve": "CVE-2021-33034",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-33034"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel before 5.12.4, net/bluetooth/hci_event.c has a use-after-free when destroying an hci_chan, aka CID-5c4c8c954409. This leads to writing an arbitrary value.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-default-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.78.1.lp152.8.34.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.78.1.lp152.8.34.1.x86_64",
"openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-source-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.78.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-33034",
"url": "https://www.suse.com/security/cve/CVE-2021-33034"
},
{
"category": "external",
"summary": "SUSE Bug 1186111 for CVE-2021-33034",
"url": "https://bugzilla.suse.com/1186111"
},
{
"category": "external",
"summary": "SUSE Bug 1186285 for CVE-2021-33034",
"url": "https://bugzilla.suse.com/1186285"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-default-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.78.1.lp152.8.34.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.78.1.lp152.8.34.1.x86_64",
"openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-source-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.78.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-default-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.78.1.lp152.8.34.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.78.1.lp152.8.34.1.x86_64",
"openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-source-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.78.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-06-06T08:12:41Z",
"details": "important"
}
],
"title": "CVE-2021-33034"
},
{
"cve": "CVE-2021-33200",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-33200"
}
],
"notes": [
{
"category": "general",
"text": "kernel/bpf/verifier.c in the Linux kernel through 5.12.7 enforces incorrect limits for pointer arithmetic operations, aka CID-bb01a1bba579. This can be abused to perform out-of-bounds reads and writes in kernel memory, leading to local privilege escalation to root. In particular, there is a corner case where the off reg causes a masking direction change, which then results in an incorrect final aux-\u003ealu_limit.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-default-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.78.1.lp152.8.34.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.78.1.lp152.8.34.1.x86_64",
"openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-source-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.78.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-33200",
"url": "https://www.suse.com/security/cve/CVE-2021-33200"
},
{
"category": "external",
"summary": "SUSE Bug 1186484 for CVE-2021-33200",
"url": "https://bugzilla.suse.com/1186484"
},
{
"category": "external",
"summary": "SUSE Bug 1186498 for CVE-2021-33200",
"url": "https://bugzilla.suse.com/1186498"
},
{
"category": "external",
"summary": "SUSE Bug 1224878 for CVE-2021-33200",
"url": "https://bugzilla.suse.com/1224878"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-default-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.78.1.lp152.8.34.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.78.1.lp152.8.34.1.x86_64",
"openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-source-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.78.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-default-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.78.1.lp152.8.34.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.78.1.lp152.8.34.1.x86_64",
"openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-source-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.78.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-06-06T08:12:41Z",
"details": "important"
}
],
"title": "CVE-2021-33200"
},
{
"cve": "CVE-2021-3491",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-3491"
}
],
"notes": [
{
"category": "general",
"text": "The io_uring subsystem in the Linux kernel allowed the MAX_RW_COUNT limit to be bypassed in the PROVIDE_BUFFERS operation, which led to negative values being usedin mem_rw when reading /proc/\u003cPID\u003e/mem. This could be used to create a heap overflow leading to arbitrary code execution in the kernel. It was addressed via commit d1f82808877b (\"io_uring: truncate lengths larger than MAX_RW_COUNT on provide buffers\") (v5.13-rc1) and backported to the stable kernels in v5.12.4, v5.11.21, and v5.10.37. It was introduced in ddf0322db79c (\"io_uring: add IORING_OP_PROVIDE_BUFFERS\") (v5.7-rc1).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-default-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.78.1.lp152.8.34.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.78.1.lp152.8.34.1.x86_64",
"openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-source-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.78.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-3491",
"url": "https://www.suse.com/security/cve/CVE-2021-3491"
},
{
"category": "external",
"summary": "SUSE Bug 1185642 for CVE-2021-3491",
"url": "https://bugzilla.suse.com/1185642"
},
{
"category": "external",
"summary": "SUSE Bug 1187090 for CVE-2021-3491",
"url": "https://bugzilla.suse.com/1187090"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-default-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.78.1.lp152.8.34.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.78.1.lp152.8.34.1.x86_64",
"openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-source-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.78.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:kernel-debug-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-debug-devel-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-default-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-5.3.18-lp152.78.1.lp152.8.34.1.x86_64",
"openSUSE Leap 15.2:kernel-default-base-rebuild-5.3.18-lp152.78.1.lp152.8.34.1.x86_64",
"openSUSE Leap 15.2:kernel-default-devel-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-devel-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-docs-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-docs-html-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-kvmsmall-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-kvmsmall-devel-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-macros-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-obs-build-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-obs-qa-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-preempt-devel-5.3.18-lp152.78.1.x86_64",
"openSUSE Leap 15.2:kernel-source-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-source-vanilla-5.3.18-lp152.78.1.noarch",
"openSUSE Leap 15.2:kernel-syms-5.3.18-lp152.78.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-06-06T08:12:41Z",
"details": "important"
}
],
"title": "CVE-2021-3491"
}
]
}
Sightings
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.