7.8
CVE-2021-47194
- EPSS 0.02%
- Published 10.04.2024 19:15:47
- Last modified 21.11.2024 06:35:36
- Source 416baaa9-dc9f-4396-8d5f-8c081f
- CVE-Watchlists
- Open
LoginIn the Linux kernel, the following vulnerability has been resolved: cfg80211: call cfg80211_stop_ap when switch from P2P_GO type If the userspace tools switch from NL80211_IFTYPE_P2P_GO to NL80211_IFTYPE_ADHOC via send_msg(NL80211_CMD_SET_INTERFACE), it does not call the cleanup cfg80211_stop_ap(), this leads to the initialization of in-use data. For example, this path re-init the sdata->assigned_chanctx_list while it is still an element of assigned_vifs list, and makes that linked list corrupt.
Data is provided by the National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version >= 3.6.0 < 4.4.293
Linux ≫ Linux Kernel Version >= 4.5.0 < 4.9.291
Linux ≫ Linux Kernel Version >= 4.10.0 < 4.14.256
Linux ≫ Linux Kernel Version >= 4.15.0 < 4.19.218
Linux ≫ Linux Kernel Version >= 4.20.0 < 5.4.162
Linux ≫ Linux Kernel Version >= 5.5.0 < 5.10.82
Linux ≫ Linux Kernel Version >= 5.11.0 < 5.15.5
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.02% | 0.033 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
CWE-665 Improper Initialization
The product does not initialize or incorrectly initializes a resource, which might leave the resource in an unexpected state when it is accessed or used.