CVE-2021-47395
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
21/05/2024
Last modified:
25/09/2025
Description
In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
mac80211: limit injected vht mcs/nss in ieee80211_parse_tx_radiotap<br />
<br />
Limit max values for vht mcs and nss in ieee80211_parse_tx_radiotap<br />
routine in order to fix the following warning reported by syzbot:<br />
<br />
WARNING: CPU: 0 PID: 10717 at include/net/mac80211.h:989 ieee80211_rate_set_vht include/net/mac80211.h:989 [inline]<br />
WARNING: CPU: 0 PID: 10717 at include/net/mac80211.h:989 ieee80211_parse_tx_radiotap+0x101e/0x12d0 net/mac80211/tx.c:2244<br />
Modules linked in:<br />
CPU: 0 PID: 10717 Comm: syz-executor.5 Not tainted 5.14.0-syzkaller #0<br />
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011<br />
RIP: 0010:ieee80211_rate_set_vht include/net/mac80211.h:989 [inline]<br />
RIP: 0010:ieee80211_parse_tx_radiotap+0x101e/0x12d0 net/mac80211/tx.c:2244<br />
RSP: 0018:ffffc9000186f3e8 EFLAGS: 00010216<br />
RAX: 0000000000000618 RBX: ffff88804ef76500 RCX: ffffc900143a5000<br />
RDX: 0000000000040000 RSI: ffffffff888f478e RDI: 0000000000000003<br />
RBP: 00000000ffffffff R08: 0000000000000000 R09: 0000000000000100<br />
R10: ffffffff888f46f9 R11: 0000000000000000 R12: 00000000fffffff8<br />
R13: ffff88804ef7653c R14: 0000000000000001 R15: 0000000000000004<br />
FS: 00007fbf5718f700(0000) GS:ffff8880b9c00000(0000) knlGS:0000000000000000<br />
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033<br />
CR2: 0000001b2de23000 CR3: 000000006a671000 CR4: 00000000001506f0<br />
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000<br />
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000600<br />
Call Trace:<br />
ieee80211_monitor_select_queue+0xa6/0x250 net/mac80211/iface.c:740<br />
netdev_core_pick_tx+0x169/0x2e0 net/core/dev.c:4089<br />
__dev_queue_xmit+0x6f9/0x3710 net/core/dev.c:4165<br />
__bpf_tx_skb net/core/filter.c:2114 [inline]<br />
__bpf_redirect_no_mac net/core/filter.c:2139 [inline]<br />
__bpf_redirect+0x5ba/0xd20 net/core/filter.c:2162<br />
____bpf_clone_redirect net/core/filter.c:2429 [inline]<br />
bpf_clone_redirect+0x2ae/0x420 net/core/filter.c:2401<br />
bpf_prog_eeb6f53a69e5c6a2+0x59/0x234<br />
bpf_dispatcher_nop_func include/linux/bpf.h:717 [inline]<br />
__bpf_prog_run include/linux/filter.h:624 [inline]<br />
bpf_prog_run include/linux/filter.h:631 [inline]<br />
bpf_test_run+0x381/0xa30 net/bpf/test_run.c:119<br />
bpf_prog_test_run_skb+0xb84/0x1ee0 net/bpf/test_run.c:663<br />
bpf_prog_test_run kernel/bpf/syscall.c:3307 [inline]<br />
__sys_bpf+0x2137/0x5df0 kernel/bpf/syscall.c:4605<br />
__do_sys_bpf kernel/bpf/syscall.c:4691 [inline]<br />
__se_sys_bpf kernel/bpf/syscall.c:4689 [inline]<br />
__x64_sys_bpf+0x75/0xb0 kernel/bpf/syscall.c:4689<br />
do_syscall_x64 arch/x86/entry/common.c:50 [inline]<br />
do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80<br />
entry_SYSCALL_64_after_hwframe+0x44/0xae<br />
RIP: 0033:0x4665f9
Impact
Base Score 3.x
5.50
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 4.7 (including) | 4.9.285 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 4.10 (including) | 4.14.249 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 4.15 (including) | 4.19.209 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 4.20 (including) | 5.4.151 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.5 (including) | 5.10.71 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.11 (including) | 5.14.10 (excluding) |
| cpe:2.3:o:linux:linux_kernel:5.15:rc1:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:5.15:rc2:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:5.15:rc3:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://git.kernel.org/stable/c/1282bb00835ff79d2d9c023055d514df5b4de260
- https://git.kernel.org/stable/c/13cb6d826e0ac0d144b0d48191ff1a111d32f0c6
- https://git.kernel.org/stable/c/76538c7b4df314bb937e44c5cb1782f37d47443c
- https://git.kernel.org/stable/c/997ee230e4f5285cd98445c102d9033c7ec4814b
- https://git.kernel.org/stable/c/ab85997465b972d39d9747fc16311fa5773374b2
- https://git.kernel.org/stable/c/ce5f372f5f084ff51c285fc27b232f15a3d00f0b
- https://git.kernel.org/stable/c/e5bb852aa2ad963074f0ad73030dbc20a30853e3
- https://git.kernel.org/stable/c/1282bb00835ff79d2d9c023055d514df5b4de260
- https://git.kernel.org/stable/c/13cb6d826e0ac0d144b0d48191ff1a111d32f0c6
- https://git.kernel.org/stable/c/76538c7b4df314bb937e44c5cb1782f37d47443c
- https://git.kernel.org/stable/c/997ee230e4f5285cd98445c102d9033c7ec4814b
- https://git.kernel.org/stable/c/ab85997465b972d39d9747fc16311fa5773374b2
- https://git.kernel.org/stable/c/ce5f372f5f084ff51c285fc27b232f15a3d00f0b
- https://git.kernel.org/stable/c/e5bb852aa2ad963074f0ad73030dbc20a30853e3