CVE-2020-24587

NameCVE-2020-24587
DescriptionThe 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that all fragments of a frame are encrypted under the same key. An adversary can abuse this to decrypt selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP encryption key is periodically renewed.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
ReferencesDLA-2689-1, DLA-2690-1
NVD severitylow

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
firmware-nonfree (PTS)stretch/non-free20161130-5vulnerable
stretch/non-free (security)20190114-2~deb9u1vulnerable
buster/non-free20190114-2vulnerable
bullseye/non-free20210315-3vulnerable
sid/non-free, bookworm/non-free20210818-1fixed
linux (PTS)stretch4.9.228-1vulnerable
stretch (security)4.9.272-2fixed
buster4.19.194-1fixed
buster (security)4.19.194-3fixed
bookworm, sid, bullseye5.10.46-4fixed
linux-4.19 (PTS)stretch (security)4.19.194-3~deb9u1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
firmware-nonfreesourceexperimental20210716-1~exp1
firmware-nonfreesource(unstable)20210818-1
linuxsourcestretch4.9.272-1DLA-2689-1
linuxsourcebuster4.19.194-1
linuxsource(unstable)5.10.46-1
linux-4.19sourcestretch4.19.194-1~deb9u1DLA-2690-1

Notes

[bullseye] - firmware-nonfree <no-dsa> (Non-free not supported)
[buster] - firmware-nonfree <no-dsa> (Non-free not supported)
https://papers.mathyvanhoef.com/usenix2021.pdf
https://www.fragattacks.com/
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00473.html
https://lore.kernel.org/linux-wireless/c4d8c2f040b368225b72a91e74ee282d9ceab4d5.camel@coelho.fi/
https://lore.kernel.org/linux-wireless/20210511180259.159598-1-johannes@sipsolutions.net/
https://lore.kernel.org/linux-wireless/20210511200110.3f8290e59823.I622a67769ed39257327a362cfc09c812320eb979@changeid/
https://lore.kernel.org/linux-wireless/20210511200110.037aa5ca0390.I7bb888e2965a0db02a67075fcb5deb50eb7408aa@changeid/
firmware-nonfree (iwlwifi-fw-2021-05-12) addressed the firmware part of the CVE
https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=55d964905a2b6cd790cbbbb46640bb2fb520b0cb

Search for package or bug name: Reporting problems