PT-2021-8010 · Linux+2 · Linux Kernel+2
Богдан Пилипенко
Published: 2021-04-18 · Updated: 2024-12-10
CVE-2021-47065
| CVSS v3.1 | 7.8 High |
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 5.12.0-rc5
Description
The issue is related to an array overrun in the rtw_get_tx_power_params() function. This occurs when the value of group is 5 for channel 14, causing an out-of-bounds access in the bw40_base array. The problem arises because the dimension of bw40_base is 5, but the value of group exceeds this range. The fix involves adding the rate as an argument to rtw_get_channel_group() and setting the group for channel 14 to 4 if the rate is less than or equal to DESC_RATE11M.
Recommendations
To resolve this issue, update the Linux kernel to a version that includes the fix for the array overrun in rtw_get_tx_power_params(). Specifically, ensure that the kernel version is 5.12.0-rc5 or later. If updating is not feasible, consider applying the patch that fixes commit fa6dfe6bff24 ("rtw88: resolve order of tx power setting routines") to the affected kernel version.
Fix
Stack Overflow
Improper Validation of Array Index
Related Identifiers
Affected Products
Astra Linux
Linux Kernel
Suse