vulnerability
Oracle Linux: CVE-2020-26144: ELSA-2021-4356: kernel security, bug fix, and enhancement update (MODERATE) (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 3 | (AV:A/AC:L/Au:N/C:N/I:P/A:N) | May 11, 2021 | Sep 23, 2021 | Dec 3, 2025 |
Severity
3
CVSS
(AV:A/AC:L/Au:N/C:N/I:P/A:N)
Published
May 11, 2021
Added
Sep 23, 2021
Modified
Dec 3, 2025
Description
An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 devices. The WEP, WPA, WPA2, and WPA3 implementations accept plaintext A-MSDU frames as long as the first 8 bytes correspond to a valid RFC1042 (i.e., LLC/SNAP) header for EAPOL. An adversary can abuse this to inject arbitrary network packets independent of the network configuration.
A flaw was found in the Linux kernel, where the WiFi implementations accept plaintext A-MSDU frames as long as the first 8 bytes correspond to a valid RFC1042 (ex., LLC/SNAP) header for EAPOL. The highest threat from this vulnerability is to integrity.
A flaw was found in the Linux kernel, where the WiFi implementations accept plaintext A-MSDU frames as long as the first 8 bytes correspond to a valid RFC1042 (ex., LLC/SNAP) header for EAPOL. The highest threat from this vulnerability is to integrity.
Solutions
oracle-linux-upgrade-kerneloracle-linux-upgrade-kernel-uek
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.