Login Sign Up

CVE-2020-26652

7.5 HIGH
Denial of Service

📋 TL;DR

This vulnerability in the rtl8812au Wi-Fi driver allows attackers to cause a denial of service by exploiting a flaw in the nl80211_send_chandef function. Systems using this driver for wireless network interfaces are affected. The vulnerability can crash the kernel or cause system instability.

💻 Affected Systems

Products:
  • rtl8812au driver
Versions: v5.6.4.2 and potentially earlier versions
Operating Systems: Linux
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems using the rtl8812au driver for Realtek 8812AU wireless chipsets. Requires wireless interface to be active.

📦 What is this software?

Rtl8812au Firmware by Realtek

View all CVEs affecting Rtl8812au Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Kernel panic leading to complete system crash and requiring physical reboot, potentially causing data loss or service disruption.

🟠

Likely Case

Wireless interface crash requiring driver reload or system restart, disrupting network connectivity temporarily.

🟢

If Mitigated

Minimal impact if systems are patched or workarounds applied; isolated to wireless functionality only.

🌐 Internet-Facing: MEDIUM - Attackers could potentially trigger this remotely if wireless interface is exposed, but requires specific conditions.
🏢 Internal Only: MEDIUM - Internal attackers with network access could exploit this to disrupt wireless services.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires sending crafted nl80211 messages to the wireless interface. No public exploit code has been confirmed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Fixed in later versions of rtl8812au driver

Vendor Advisory: https://github.com/aircrack-ng/rtl8812au/issues/730

Restart Required: Yes

Instructions:

1. Update rtl8812au driver to latest version from official repository. 2. Rebuild and reinstall driver. 3. Reboot system to load new driver.

🔧 Temporary Workarounds

Disable vulnerable driver

linux

Temporarily disable the rtl8812au driver to prevent exploitation

sudo modprobe -r 8812au
echo 'blacklist 8812au' | sudo tee /etc/modprobe.d/blacklist-8812au.conf

Restrict wireless interface access

linux

Limit network access to wireless interfaces using firewall rules

sudo iptables -A INPUT -i wlan0 -j DROP
sudo iptables -A OUTPUT -o wlan0 -j DROP

🧯 If You Can't Patch

  • Disable wireless functionality and use wired connections only
  • Implement strict network segmentation to isolate wireless networks

🔍 How to Verify

Check if Vulnerable:

Check driver version: lsmod | grep 8812au and verify if version is v5.6.4.2 or earlier

Check Version:

modinfo 8812au | grep version

Verify Fix Applied:

Verify updated driver version and ensure system remains stable during wireless operations

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic messages in /var/log/kern.log
  • Driver crash messages
  • Wireless interface disconnection events

Network Indicators:

  • Unusual nl80211 protocol traffic to wireless interfaces
  • Sudden wireless connectivity loss

SIEM Query:

source="kern.log" AND "panic" OR "8812au" OR "wireless driver crash"

📊 Metadata

CVE ID: CVE-2020-26652
CVSS v3 Score: 7.5 (HIGH)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE: CWE-400
Published: August 22, 2023
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2020-26652, you might also want to check these:

CVE-2024-45166 9.8

UCI IDOL2 through version 2.12 contains multiple memory corruption vulnerabilities due to improper i...

Same vulnerability type (CWE-400)
CVE-2025-61303 9.8

This vulnerability in Hatching Triage Sandbox allows malware samples to evade detection by recursive...

Same vulnerability type (CWE-400)
CVE-2024-39462 9.8

This is a Linux kernel memory corruption vulnerability in the BCM2711 DVP clock driver where array b...

Same vulnerability type (CWE-400)