Linux Kernel A-MSDU Spoofing Vulnerability Mitigation in Mesh Networks

Vulnerability

A vulnerability allowing A-MSDU spoofing in mesh networks has been addressed in the Linux kernel. The issue arises from the IEEE 802.11 standard's initial response to FragAttacks, which overlooked mesh network scenarios. It can be viewed as a variant of CVE-2020-24588 that is specific to mesh networks.

The patch works by detecting whether an adversary has maliciously converted a standard MSDU into an A-MSDU. To do so, it parses the A-MSDU as a regular MSDU, calculates the Mesh Control header length, and checks whether the six bytes that follow match the beginning of an RFC1042 header. A match indicates a potential attack. The patch has been tested in various mesh network configurations using mac80211_hwsim, confirming its effectiveness against A-MSDU spoofing attacks.

Impact

The vulnerability being patched allows for A-MSDU spoofing attacks in mesh networks, which could disrupt normal network operations by misrepresenting the status or behavior of network traffic.

Reproduction

The vulnerability can be reproduced by sending A-MSDU frames that have been maliciously crafted to spoof standard MSDU frames in a mesh network. This can be done using the mac80211_hwsim simulation tool, which can emulate wireless network behavior and apply the A-MSDU spoofing attack. The attack can be tested when the Mesh Address Extension field is empty or when it contains 12 bytes, effectively using six addresses.

Remediation

Users can apply the latest patches available in the Linux kernel stable tree to address this vulnerability.

Added: Aug 16, 2025, 11:27 AM
Updated: Aug 16, 2025, 11:27 AM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 0.6
exploitability: 5.7
remediation: 7.7
relevance: 0.4
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.