CVE-2020-24587

Name	CVE-2020-24587
Description	The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that all fragments of a frame are encrypted under the same key. An adversary can abuse this to decrypt selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP encryption key is periodically renewed.
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
References	DLA-2689-1, DLA-2690-1, DLA-3380-1, ELA-458-1, ELA-826-1

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
firmware-nonfree (PTS)	jessie/non-free	20190114+really20220913-0+deb8u2	fixed
	jessie/non-free (lts)	20190114+really20220913-0+deb8u1	fixed
	stretch/non-free	20190114+really20220913-0+deb9u2	fixed
	stretch/non-free (security)	20190114-2~deb9u1	vulnerable
	stretch/non-free (lts)	20190114+really20220913-0+deb9u1	fixed
	buster/non-free	20190114-2	vulnerable
	buster/non-free (security)	20190114+really20220913-0+deb10u2	fixed
	bullseye/non-free	20210315-3	vulnerable
	bookworm/non-free-firmware	20230210-5	fixed
	trixie/non-free-firmware, sid/non-free-firmware	20230625-2	fixed
linux (PTS)	jessie, jessie (lts)	3.16.84-1	vulnerable
	stretch (security)	4.9.320-2	fixed
	stretch (lts), stretch	4.9.320-3	fixed
	buster	4.19.249-2	fixed
	buster (security)	4.19.304-1	fixed
	bullseye	5.10.209-2	fixed
	bullseye (security)	5.10.205-2	fixed
	bookworm	6.1.76-1	fixed
	bookworm (security)	6.1.85-1	fixed
	trixie	6.6.15-2	fixed
	sid	6.7.9-2	fixed
linux-4.19 (PTS)	stretch (security)	4.19.232-1~deb9u1	fixed
	stretch (lts), stretch	4.19.304-1~deb9u1	fixed
linux-4.9 (PTS)	jessie, jessie (lts)	4.9.303-1~deb8u3	fixed

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Urgency	Origin
firmware-nonfree	source	experimental	20210716-1~exp1
firmware-nonfree	source	jessie	20190114+really20220913-0+deb8u1		ELA-826-1
firmware-nonfree	source	stretch	20190114+really20220913-0+deb9u1		ELA-826-1
firmware-nonfree	source	buster	20190114+really20220913-0+deb10u1		DLA-3380-1
firmware-nonfree	source	(unstable)	20210818-1
linux	source	jessie	(unfixed)	end-of-life
linux	source	stretch	4.9.272-1		DLA-2689-1
linux	source	buster	4.19.194-1
linux	source	(unstable)	5.10.46-1
linux-4.19	source	stretch	4.19.194-1~deb9u1		DLA-2690-1
linux-4.9	source	jessie	4.9.272-1~deb8u2		ELA-458-1

Notes

[bullseye] - firmware-nonfree <no-dsa> (Non-free not supported)
https://papers.mathyvanhoef.com/usenix2021.pdf
https://www.fragattacks.com/
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00473.html
https://lore.kernel.org/linux-wireless/c4d8c2f040b368225b72a91e74ee282d9ceab4d5.camel@coelho.fi/
https://lore.kernel.org/linux-wireless/20210511180259.159598-1-johannes@sipsolutions.net/
https://lore.kernel.org/linux-wireless/20210511200110.3f8290e59823.I622a67769ed39257327a362cfc09c812320eb979@changeid/
https://lore.kernel.org/linux-wireless/20210511200110.037aa5ca0390.I7bb888e2965a0db02a67075fcb5deb50eb7408aa@changeid/
firmware-nonfree (iwlwifi-fw-2021-05-12) addressed the firmware part of the CVE
https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=55d964905a2b6cd790cbbbb46640bb2fb520b0cb