{"id":"CVE-2020-24588","details":"The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that the A-MSDU flag in the plaintext QoS header field is authenticated. Against devices that support receiving non-SSP A-MSDU frames (which is mandatory as part of 802.11n), an adversary can abuse this to inject arbitrary network packets.","modified":"2026-04-16T00:02:11.463047842Z","published":"2021-05-11T20:15:08.613Z","related":["ALSA-2021:4356","SUSE-SU-2021:14764-1","SUSE-SU-2021:1888-1","SUSE-SU-2021:1889-1","SUSE-SU-2021:1890-1","SUSE-SU-2021:1975-1","SUSE-SU-2021:1977-1","SUSE-SU-2021:2208-1","SUSE-SU-2021:2321-1","SUSE-SU-2021:2324-1","SUSE-SU-2021:2349-1","SUSE-SU-2021:2406-1","SUSE-SU-2021:2421-1","SUSE-SU-2021:2422-1","SUSE-SU-2021:2427-1","SUSE-SU-2021:2451-1","SUSE-SU-2023:0394-1","SUSE-SU-2023:0433-1","SUSE-SU-2023:0488-1","SUSE-SU-2023:2809-1","openSUSE-SU-2021:0843-1","openSUSE-SU-2021:0947-1","openSUSE-SU-2021:1975-1","openSUSE-SU-2021:1977-1","openSUSE-SU-2021:2427-1","openSUSE-SU-2024:10728-1","openSUSE-SU-2024:13704-1"],"database_specific":{"unresolved_ranges":[{"source":"CPE_FIELD","extracted_events":[{"last_affected":"9.0"}],"cpe":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"},{"source":"CPE_FIELD","cpe":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","extracted_events":[{"introduced":"4.4.0"},{"fixed":"4.4.271"},{"introduced":"4.9.0"},{"fixed":"4.9.271"},{"introduced":"4.14"},{"fixed":"4.14.235"},{"introduced":"4.19"},{"fixed":"4.19.193"},{"introduced":"5.4"},{"fixed":"5.4.124"},{"introduced":"5.10"},{"fixed":"5.10.42"},{"introduced":"5.12"},{"fixed":"5.12.9"}]},{"source":"CPE_FIELD","extracted_events":[{"last_affected":"1607"}],"cpe":"cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*"},{"source":"CPE_FIELD","extracted_events":[{"last_affected":"1803"}],"cpe":"cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*"},{"source":"CPE_FIELD","extracted_events":[{"last_affected":"1809"}],"cpe":"cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*"},{"source":"CPE_FIELD","extracted_events":[{"last_affected":"1909"}],"cpe":"cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*"},{"source":"CPE_FIELD","extracted_events":[{"last_affected":"2004"}],"cpe":"cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*"},{"source":"CPE_FIELD","extracted_events":[{"last_affected":"20h2"}],"cpe":"cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*"},{"source":"CPE_FIELD","extracted_events":[{"last_affected":"2004"}],"cpe":"cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*"}]},"references":[{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2023/04/msg00002.html"},{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2021/05/11/12"},{"type":"ADVISORY","url":"https://cert-portal.siemens.com/productcert/pdf/ssa-913875.pdf"},{"type":"ADVISORY","url":"https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.md"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html"},{"type":"ADVISORY","url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wifi-faf-22epcEWu"},{"type":"ADVISORY","url":"https://www.arista.com/en/support/advisories-notices/security-advisories/12602-security-advisory-63"},{"type":"ADVISORY","url":"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00473.html"},{"type":"EVIDENCE","url":"https://www.fragattacks.com"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/vanhoefm/fragattacks","events":[{"introduced":"0"},{"last_affected":"93ee3022dc3fdb6e199a57c14b6cc008fe29d921"}],"database_specific":{"source":"CPE_FIELD","extracted_events":[{"introduced":"0"},{"last_affected":"r2-sp1"}],"cpe":"cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*"}}],"versions":["aosp-jb-start","aosp-kk-from-upstream","hostap-1-bp","hostap_0_6_3","hostap_0_6_4","hostap_0_6_5","hostap_0_6_6","hostap_0_6_7","hostap_0_7_0","hostap_0_7_1","hostap_0_7_2","hostap_2_0","hostap_2_1"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-24588.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"}]}