7.8

CVE-2021-47251

mac80211: fix skb length check in ieee80211_scan_rx()

In the Linux kernel, the following vulnerability has been resolved:

mac80211: fix skb length check in ieee80211_scan_rx()

Replace hard-coded compile-time constants for header length check
with dynamic determination based on the frame type. Otherwise, we
hit a validation WARN_ON in cfg80211 later.

[style fixes, reword commit message]
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 5.10 < 5.10.46
LinuxLinux Kernel Version >= 5.11 < 5.12.13
LinuxLinux Kernel Version5.13 Updaterc1
LinuxLinux Kernel Version5.13 Updaterc2
LinuxLinux Kernel Version5.13 Updaterc3
LinuxLinux Kernel Version5.13 Updaterc4
LinuxLinux Kernel Version5.13 Updaterc5
LinuxLinux Kernel Version5.13 Updaterc6
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.23% 0.137
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-1284 Improper Validation of Specified Quantity in Input

The product receives input that is expected to specify a quantity (such as size or length), but it does not validate or incorrectly validates that the quantity has the required properties.

https://git.kernel.org/stable/c/5a1cd67a801cf5ef989c4783e07b86a25b143126
Patch
https://git.kernel.org/stable/c/d1b949c70206178b12027f66edc088d40375b5cb
Patch
https://git.kernel.org/stable/c/e298aa358f0ca658406d524b6639fe389cb6e11e
Patch