Bug 256119 - [net80211] [patch]: mitigate A-MSDU FragAttacks design flaw
Summary: [net80211] [patch]: mitigate A-MSDU FragAttacks design flaw
Status: Open
Alias: None
Product: Base System
Classification: Unclassified
Component: wireless (show other bugs)
Version: CURRENT
Hardware: Any Any
: --- Affects Many People
Assignee: Bjoern A. Zeeb
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2021-05-24 13:16 UTC by Mathy
Modified: 2021-06-06 22:43 UTC (History)
1 user (show)

See Also:


Attachments
patch: git diff file (6.27 KB, patch)
2021-05-24 13:16 UTC, Mathy
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Mathy 2021-05-24 13:16:55 UTC
Created attachment 225221 [details]
patch: git diff file

FreeBSD is also affected by the A-MSDU design flaw in Wi-Fi (CVE-2020-24588). For background see Section 3 in https://papers.mathyvanhoef.com/usenix2021.pdf

This vulnerability can be reproduced using the FragAttack test tool at https://github.com/vanhoefm/fragattacks with the test case "amsdu-inject-bad" (the injected ping request should be rejected by the kernel).

The attached patches fixes this vulnerability. It was tested using a Belkin F5D8053 (run driver) in client mode.
Comment 1 Bjoern A. Zeeb freebsd_committer 2021-06-06 22:43:48 UTC
This one is here:
https://reviews.freebsd.org/D30664