PT-2021-5499 · Linux+9 · Linux Kernel+9
Published
2021-10-31
·
Updated
2024-06-15
·
CVE-2021-43976
CVSS v2.0
4.9
Medium
| Vector | AV:L/AC:L/Au:N/C:N/I:N/A:C |
Name of the Vulnerable Software and Affected Versions
Linux kernel versions through 5.15.2
Description
The issue is related to the
mwifiex usb recv function in the Linux kernel, specifically in the drivers/net/wireless/marvell/mwifiex/usb.c file. This function allows an attacker, who can connect a crafted USB device, to cause a denial of service (skb over panic). The vulnerability is associated with resource release errors.Recommendations
For Linux kernel versions through 5.15.2, consider disabling the
mwifiex usb recv function as a temporary workaround until a patch is available. Restrict access to the drivers/net/wireless/marvell/mwifiex/usb.c file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.Exploit
Improper Resource Release
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Almalinux
Astra Linux
Centos
Linuxmint
Linux Kernel
Red Hat
Rocky Linux
Suse
Ubuntu