FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

FreeBSD-kernel -- Multiple WiFi issues

Affected packages
13.0 <= FreeBSD-kernel < 13.0_8
12.3 <= FreeBSD-kernel < 12.3_3
12.2 <= FreeBSD-kernel < 12.2_14

Details

VuXML ID 8d20bd48-a4f3-11ec-90de-1c697aa5a594
Discovery 2022-03-15
Entry 2022-03-16

Problem Description:

The paper "Fragment and Forge: Breaking Wi-Fi Through Frame Aggregation and Fragmentation" reported a number of security vulnerabilities in the 802.11 specification related to frame aggregation and fragmentation.

Additionally, FreeBSD 12.x missed length validation of SSIDs and Information Elements (IEs).

Impact:

As reported on the FragAttacks website, the "design flaws are hard to abuse because doing so requires user interaction or is only possible when using uncommon network settings." Under suitable conditions an attacker may be able to extract sensitive data or inject data.

References

CVE Name CVE-2020-24588
CVE Name CVE-2020-26144
CVE Name CVE-2020-26147
FreeBSD Advisory SA-22:02.wifi

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.