
Cloud Vulnerability DB
A community-led vulnerabilities database
CVE-2020-26145 is a security vulnerability discovered in WEP, WPA, WPA2, and WPA3 implementations where devices accept second (or subsequent) broadcast fragments even when sent in plaintext and process them as full unfragmented frames. This vulnerability was disclosed on May 11, 2021, and affects various Wi-Fi devices including Samsung Galaxy S3 i9305 4.4.4 devices (NVD, FragAttacks).
The vulnerability is part of the FragAttacks (fragmentation and aggregation attacks) collection of Wi-Fi security flaws. When exploited, the vulnerability allows an adversary to inject arbitrary network packets independent of the network configuration by sending plaintext broadcast fragments that are processed as full frames by vulnerable devices. The vulnerability has been assigned a CVSS v3.1 Base Score of 6.5 (Medium) with the vector CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N (NVD).
An adversary within range of a victim's Wi-Fi network can abuse this vulnerability to inject arbitrary network packets, regardless of the network's security configuration. This can potentially lead to unauthorized access to network resources and manipulation of network traffic. The vulnerability can be used as a stepping stone to launch more sophisticated attacks against devices in the local network (FragAttacks).
To mitigate this vulnerability, users should apply security updates provided by their device vendors. If updates are not yet available, users can reduce risk by checking that the websites they visit use HTTPS and by keeping all other devices updated with the latest security patches. Additionally, manually configuring DNS servers and disabling fragmentation can help reduce the impact of potential attacks (FragAttacks).
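The frame pattern described above can be checked on the defender's side from the 802.11 MAC header alone. The following is an added example, not code from this page, NVD, or the FragAttacks project; it assumes raw 802.11 frames with any radiotap header already stripped, and the function names and sample frames are constructed for illustration. It goes slightly beyond the CVE by also flagging any fragmented group-addressed data frame, since 802.11 does not fragment group-addressed frames.

```python
import struct

BROADCAST = bytes.fromhex("ffffffffffff")

def parse_header(frame: bytes) -> dict:
    """Decode the fields of a 24-byte 802.11 MAC header (no radiotap)."""
    if len(frame) < 24:
        raise ValueError("truncated 802.11 header")
    fc0, fc1 = frame[0], frame[1]
    (seq_ctrl,) = struct.unpack_from("<H", frame, 22)
    return {
        "is_data": (fc0 >> 2) & 0x3 == 2,     # Type field == Data
        "more_frag": bool(fc1 & 0x04),        # More Fragments bit
        "protected": bool(fc1 & 0x40),        # Protected Frame bit
        "group_addr": bool(frame[4] & 0x01),  # I/G bit of addr1 (receiver)
        "frag_no": seq_ctrl & 0x000F,         # low 4 bits of Sequence Control
    }

def classify(frame: bytes) -> str:
    """Verdict a patched receiver or a wireless IDS rule could apply."""
    h = parse_header(frame)
    if not h["is_data"]:
        return "ignore"
    fragmented = h["frag_no"] > 0 or h["more_frag"]
    if h["group_addr"] and fragmented:
        if h["frag_no"] > 0 and not h["protected"]:
            return "alert: plaintext non-first broadcast fragment"
        return "drop: group-addressed fragment"
    return "pass"

def make_frame(addr1, frag_no, more_frag=False, protected=False) -> bytes:
    """Build a constructed data-frame header plus dummy payload (test input only)."""
    fc1 = 0x02 | (0x04 if more_frag else 0) | (0x40 if protected else 0)  # FromDS
    src = bytes.fromhex("020000000001")  # constructed, locally administered address
    seq_ctrl = (100 << 4) | frag_no
    return (bytes([0x08, fc1]) + b"\x00\x00" + addr1 + src + src
            + struct.pack("<H", seq_ctrl) + b"payload")

if __name__ == "__main__":
    samples = [make_frame(BROADCAST, 1), make_frame(BROADCAST, 0, protected=True)]
    for s in samples:
        print(classify(s))
```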
Source: This report was generated using AI