CVE-2021-47251

In the Linux kernel, the following vulnerability has been resolved: mac80211: fix skb length check in ieee80211_scan_rx() Replace hard-coded compile-time constants for header length check with dynamic determination based on the frame type. Otherwise, we hit a validation WARN_ON in cfg80211 later. [style fixes, reword commit message]

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/5a1cd67a801cf5ef989c4783e07b86a25b143126	Patch
https://git.kernel.org/stable/c/d1b949c70206178b12027f66edc088d40375b5cb	Patch
https://git.kernel.org/stable/c/e298aa358f0ca658406d524b6639fe389cb6e11e	Patch
https://git.kernel.org/stable/c/5a1cd67a801cf5ef989c4783e07b86a25b143126	Patch
https://git.kernel.org/stable/c/d1b949c70206178b12027f66edc088d40375b5cb	Patch
https://git.kernel.org/stable/c/e298aa358f0ca658406d524b6639fe389cb6e11e	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:5.13:rc1::::::
	cpe:2.3:o:linux:linux_kernel:5.13:rc2::::::
	cpe:2.3:o:linux:linux_kernel:5.13:rc3::::::
	cpe:2.3:o:linux:linux_kernel:5.13:rc4::::::
	cpe:2.3:o:linux:linux_kernel:5.13:rc5::::::
	cpe:2.3:o:linux:linux_kernel:5.13:rc6::::::

History

No history.

Information

Published : 2024-05-21 15:15

Updated : 2025-04-30 15:18

NVD link : CVE-2021-47251

Mitre link : CVE-2021-47251

CVE.ORG link : CVE-2021-47251

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-1284

Improper Validation of Specified Quantity in Input

{"id": "CVE-2021-47251", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2024-05-21T15:15:14.007", "references": [{"url": "https://git.kernel.org/stable/c/5a1cd67a801cf5ef989c4783e07b86a25b143126", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/d1b949c70206178b12027f66edc088d40375b5cb", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/e298aa358f0ca658406d524b6639fe389cb6e11e", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/5a1cd67a801cf5ef989c4783e07b86a25b143126", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://git.kernel.org/stable/c/d1b949c70206178b12027f66edc088d40375b5cb", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://git.kernel.org/stable/c/e298aa358f0ca658406d524b6639fe389cb6e11e", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-1284"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmac80211: fix skb length check in ieee80211_scan_rx()\n\nReplace hard-coded compile-time constants for header length check\nwith dynamic determination based on the frame type. Otherwise, we\nhit a validation WARN_ON in cfg80211 later.\n\n[style fixes, reword commit message]"}, {"lang": "es", "value": " En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: mac80211: corrige la verificaci\u00f3n de longitud de skb en ieee80211_scan_rx() Reemplace las constantes de tiempo de compilaci\u00f3n codificadas para la verificaci\u00f3n de la longitud del encabezado con determinaci\u00f3n din\u00e1mica basada en el tipo de trama. De lo contrario, obtendremos un WARN_ON de validaci\u00f3n en cfg80211 m\u00e1s adelante. [correcciones de estilo, reformular mensaje de confirmaci\u00f3n]"}], "lastModified": "2025-04-30T15:18:22.460", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FD0C8733-D75B-4E30-9D46-CFE48CF2CC1E", "versionEndExcluding": "5.10.46", "versionStartIncluding": "5.10"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7806E7E5-6D4F-4E18-81C1-79B3C60EE855", "versionEndExcluding": "5.12.13", "versionStartIncluding": "5.11"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:5.13:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0CBAD0FC-C281-4666-AB2F-F8E6E1165DF7"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:5.13:rc2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "96AC23B2-D46A-49D9-8203-8E1BEDCA8532"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:5.13:rc3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DA610E30-717C-4700-9F77-A3C9244F3BFD"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:5.13:rc4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1ECD33F5-85BE-430B-8F86-8D7BD560311D"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:5.13:rc5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CF351855-2437-4CF5-AD7C-BDFA51F27683"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:5.13:rc6:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "25A855BA-2118-44F2-90EF-EBBB12AF51EF"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}