PT-2021-8035 · Linux+4 · Linux Kernel+4

Published

2021-11-15

Updated

2024-08-20

CVE-2021-47194

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The issue is related to the cfg80211 function in the Linux kernel, where switching from P2P GO type to ADHOC type via send msg(NL80211 CMD SET INTERFACE) does not call the cleanup function cfg80211 stop ap(), leading to the initialization of in-use data. This can cause the linked list to become corrupt. For example, the path re-initializes the sdata->assigned chanctx list while it is still an element of the assigned vifs list.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Improper Initialization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-665

Related Identifiers

BDU:2024-03691

CVE-2021-47194

OESA-2024-1526

OESA-2024-1535

OPENSUSE-SU-2024_1641-1

OPENSUSE-SU-2024_1642-1

OPENSUSE-SU-2024_1644-1

OPENSUSE-SU-2024_1659-1

OPENSUSE-SU-2024_1663-1

SUSE-SU-2024:1641-1

SUSE-SU-2024:1642-1

SUSE-SU-2024:1644-1

SUSE-SU-2024:1645-1

SUSE-SU-2024:1647-1

SUSE-SU-2024:1650-1

SUSE-SU-2024:1659-1

SUSE-SU-2024:1663-1

SUSE-SU-2024:2892-1

SUSE-SU-2024:2901-1

SUSE-SU-2024:2940-1

SUSE-SU-2024_2892-1

USN-6938-1

Affected Products

Astra Linux

Linux Kernel

Red Os

Suse

Ubuntu

PT-2021-8035 · Linux+4 · Linux Kernel+4

CVE-2021-47194

Weakness Enumeration

Related Identifiers

Affected Products

References · 1016