PT-2024-11347 · Linux+1 · Linux Kernel+1

Dave Olsthoorn +1 · Published 2021-06-11 · Updated 2025-01-10 · CVE-2021-47349

CVSS v3.1: 5.5 Medium
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to 5.12.4

Description

A deadlock vulnerability has been resolved in the Linux kernel. The issue occurs when the cfg80211_unregister_wdev() function is called while the link is still up, causing a deadlock due to the wiphy lock being held. This can happen when the driver is removed or when the firmware is reset. The nl80211_del_interface() function already handles a similar case by bringing down the link before deleting the interface. To resolve this issue, the mwifiex teardown process has been modified to bring down the link before deleting the interface.

Recommendations

To resolve this issue, update the Linux kernel to a version later than 5.12.4.
Note: The provided information does not specify the exact version that contains the fix, so it is recommended to update to the latest available version.
As a temporary workaround, consider disabling the mwifiex driver until a patch is available. However, this may have significant implications for wireless connectivity and should be carefully considered before implementation.
It is also recommended to restrict access to the vulnerable mwifiex module to minimize the risk of exploitation.
Avoid using the cfg80211_unregister_wdev() function in the affected kernel versions until the issue is resolved.
At the moment, there is no other information about additional mitigation measures.
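
A way to triage hosts against the recommendations above, as an added example that is not part of the original advisory or the kernel project. It assumes the upstream module names mwifiex, mwifiex_pcie, mwifiex_sdio and mwifiex_usb (not listed on this page), and it treats the 5.12.4 threshold as a heuristic only, since distribution kernels may carry the fix under an older version number.

```shell
#!/bin/sh
# Added example: heuristic exposure check for CVE-2021-47349 (mwifiex teardown deadlock).
# Threshold from this page: kernels prior to 5.12.4 are listed as affected.
FIX_MAJOR=5; FIX_MINOR=12; FIX_PATCH=4

# Return 0 when a release string in `uname -r` format is older than 5.12.4.
kernel_older_than_fix() {
    ver=${1%%[!0-9.]*}              # "5.10.0-8-amd64" -> "5.10.0"
    old_ifs=$IFS; IFS=.
    set -- $ver                     # split on dots into $1 $2 $3
    IFS=$old_ifs
    major=${1:-0}; minor=${2:-0}; patch=${3:-0}
    [ "$major" -lt "$FIX_MAJOR" ] && return 0
    [ "$major" -gt "$FIX_MAJOR" ] && return 1
    [ "$minor" -lt "$FIX_MINOR" ] && return 0
    [ "$minor" -gt "$FIX_MINOR" ] && return 1
    [ "$patch" -lt "$FIX_PATCH" ]
}

# Return 0 when a mwifiex module is listed in a /proc/modules-format file.
# Module names are an assumption based on the upstream driver.
mwifiex_loaded() {
    grep -Eq '^mwifiex(_pcie|_sdio|_usb)?[[:space:]]' "${1:-/proc/modules}"
}

# Print one of: not-affected-by-version, exposed, driver-not-loaded.
assess() {
    if ! kernel_older_than_fix "$1"; then
        echo "not-affected-by-version"
    elif mwifiex_loaded "$2"; then
        echo "exposed"              # old kernel and the driver is in use
    else
        echo "driver-not-loaded"    # old kernel, but the driver is not loaded
    fi
}

# Live check on this host when /proc/modules is readable.
if [ -r /proc/modules ]; then
    assess "$(uname -r)" /proc/modules
fi
```

A result of "exposed" marks the hosts where the kernel update or the driver workaround applies first; "driver-not-loaded" hosts still need the update, because the module can be loaded later.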

Fix

Improper Locking

Weakness Enumeration

Related Identifiers

BDU:2025-07405
CVE-2021-47349

Affected Products

Astra Linux
Linux Kernel