【概要】
■CVE番号
| CVE番号 |
備考 |
|---|---|
| CVE-2020-24588 | Aggregation attack (accepting non-SPP A-MSDU frames) |
| CVE-2020-24587 | Mixed key attack (reassembling fragments encrypted under different keys). |
| CVE-2020-24586 | Fragment cache attack (not clearing fragments from memory when (re)connecting to a network) |
| CVE-2020-26145 | Samsung Galaxy S3 accepting plaintext broadcast fragments as full frames (in an encrypted network) |
| CVE-2020-26144 | Samsung Galaxy S3 accepting plaintext A-MSDU frames that start with an RFC1042 header with EtherType EAPOL (in an encrypted network) |
| CVE-2020-26140 | Alfa Windows 10 driver for AWUS036H accepting plaintext data frames in a protected network |
| CVE-2020-26143 | Alfa Windows 10 driver 1030.36.604 for AWUS036ACH accepting fragmented plaintext data frames in a protected network |
| CVE-2020-26139 | NetBSD forwarding EAPOL frames even though the sender is not yet authenticated |
| CVE-2020-26146 | Samsung Galaxy S3 reassembling encrypted fragments with non-consecutive packet numbers |
| CVE-2020-26147 | Linux kernel 5.8.9 reassembling mixed encrypted/plaintext fragments |
| CVE-2020-26142 | OpenBSD 6.6 kernel processing fragmented frames as full frames |
| CVE-2020-26141 | ALFA Windows 10 driver for AWUS036H not verifying the TKIP MIC of fragmented frames |
【ブログ】
◆FragAttack: New Wi-Fi vulnerabilities that affect… basically everything (Malwarebytes, 2021/05/12)
https://blog.malwarebytes.com/exploits-and-vulnerabilities/2021/05/fragattack-new-wi-fi-vulnerabilities-that-affect-basically-everything/
