CVE-2021-47395

Source
https://nvd.nist.gov/vuln/detail/CVE-2021-47395
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-47395.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-47395
Related
Published
2024-05-21T15:15:24Z
Modified
2024-09-11T04:41:09.728128Z
Summary
[none]
Details

In the Linux kernel, the following vulnerability has been resolved:

mac80211: limit injected vht mcs/nss in ieee80211parsetx_radiotap

Limit max values for vht mcs and nss in ieee80211parsetx_radiotap routine in order to fix the following warning reported by syzbot:

WARNING: CPU: 0 PID: 10717 at include/net/mac80211.h:989 ieee80211ratesetvht include/net/mac80211.h:989 [inline] WARNING: CPU: 0 PID: 10717 at include/net/mac80211.h:989 ieee80211parsetxradiotap+0x101e/0x12d0 net/mac80211/tx.c:2244 Modules linked in: CPU: 0 PID: 10717 Comm: syz-executor.5 Not tainted 5.14.0-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:ieee80211ratesetvht include/net/mac80211.h:989 [inline] RIP: 0010:ieee80211parsetxradiotap+0x101e/0x12d0 net/mac80211/tx.c:2244 RSP: 0018:ffffc9000186f3e8 EFLAGS: 00010216 RAX: 0000000000000618 RBX: ffff88804ef76500 RCX: ffffc900143a5000 RDX: 0000000000040000 RSI: ffffffff888f478e RDI: 0000000000000003 RBP: 00000000ffffffff R08: 0000000000000000 R09: 0000000000000100 R10: ffffffff888f46f9 R11: 0000000000000000 R12: 00000000fffffff8 R13: ffff88804ef7653c R14: 0000000000000001 R15: 0000000000000004 FS: 00007fbf5718f700(0000) GS:ffff8880b9c00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000001b2de23000 CR3: 000000006a671000 CR4: 00000000001506f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000600 Call Trace: ieee80211monitorselectqueue+0xa6/0x250 net/mac80211/iface.c:740 netdevcorepicktx+0x169/0x2e0 net/core/dev.c:4089 devqueuexmit+0x6f9/0x3710 net/core/dev.c:4165 _bpftxskb net/core/filter.c:2114 [inline] _bpfredirectnomac net/core/filter.c:2139 [inline] _bpfredirect+0x5ba/0xd20 net/core/filter.c:2162 _bpfcloneredirect net/core/filter.c:2429 [inline] bpfcloneredirect+0x2ae/0x420 net/core/filter.c:2401 bpfprogeeb6f53a69e5c6a2+0x59/0x234 bpfdispatchernopfunc include/linux/bpf.h:717 [inline] _bpfprogrun include/linux/filter.h:624 [inline] bpfprogrun include/linux/filter.h:631 [inline] bpftestrun+0x381/0xa30 net/bpf/testrun.c:119 bpfprogtestrunskb+0xb84/0x1ee0 net/bpf/testrun.c:663 bpfprogtestrun kernel/bpf/syscall.c:3307 [inline] _sysbpf+0x2137/0x5df0 kernel/bpf/syscall.c:4605 _dosysbpf kernel/bpf/syscall.c:4691 [inline] _sesysbpf kernel/bpf/syscall.c:4689 [inline] _x64sysbpf+0x75/0xb0 kernel/bpf/syscall.c:4689 dosyscallx64 arch/x86/entry/common.c:50 [inline] dosyscall64+0x35/0xb0 arch/x86/entry/common.c:80 entrySYSCALL64afterhwframe+0x44/0xae RIP: 0033:0x4665f9

References

Affected packages

Debian:11 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.10.84-1

Affected versions

5.*

5.10.46-4
5.10.46-5
5.10.70-1~bpo10+1
5.10.70-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.14.12-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.14.12-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}