{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2021-47388", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-05-21T14:58:30.813Z", "datePublished": "2024-05-21T15:03:47.574Z", "dateUpdated": "2024-11-04T12:04:56.237Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-04T12:04:56.237Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmac80211: fix use-after-free in CCMP/GCMP RX\n\nWhen PN checking is done in mac80211, for fragmentation we need\nto copy the PN to the RX struct so we can later use it to do a\ncomparison, since commit bf30ca922a0c (\"mac80211: check defrag\nPN against current frame\").\n\nUnfortunately, in that commit I used the 'hdr' variable without\nit being necessarily valid, so use-after-free could occur if it\nwas necessary to reallocate (parts of) the frame.\n\nFix this by reloading the variable after the code that results\nin the reallocations, if any.\n\nThis fixes https://bugzilla.kernel.org/show_bug.cgi?id=214401."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/mac80211/wpa.c"], "versions": [{"version": "608b0a2ae928", "lessThan": "447d001b875d", "status": "affected", "versionType": "git"}, {"version": "d0f613fe6de3", "lessThan": "31de381aef0a", "status": "affected", "versionType": "git"}, {"version": "a9b57952fed4", "lessThan": "f556e1d6fb9f", "status": "affected", "versionType": "git"}, {"version": "0f716b48ed25", "lessThan": "3d5d629c99c4", "status": "affected", "versionType": "git"}, {"version": "c8b3a6150dc8", "lessThan": "50149e0866a8", "status": "affected", "versionType": "git"}, {"version": "e64ea0597050", "lessThan": "57de2dcb1874", "status": "affected", "versionType": "git"}, {"version": "bf30ca922a0c", "lessThan": "27d3eb5616ee", "status": "affected", "versionType": "git"}, {"version": "bf30ca922a0c", "lessThan": "94513069eb54", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/mac80211/wpa.c"], "versions": [{"version": "5.13", "status": "affected"}, {"version": "0", "lessThan": "5.13", "status": "unaffected", "versionType": "semver"}, {"version": "4.4.286", "lessThanOrEqual": "4.4.*", "status": "unaffected", "versionType": "semver"}, {"version": "4.9.285", "lessThanOrEqual": "4.9.*", "status": "unaffected", "versionType": "semver"}, {"version": "4.14.249", "lessThanOrEqual": "4.14.*", "status": "unaffected", "versionType": "semver"}, {"version": "4.19.209", "lessThanOrEqual": "4.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.4.151", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.71", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.14.10", "lessThanOrEqual": "5.14.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/447d001b875d0e7f211c4ba004916028da994258"}, {"url": "https://git.kernel.org/stable/c/31de381aef0ab1b342f62485118dc8a19363dc78"}, {"url": "https://git.kernel.org/stable/c/f556e1d6fb9f2923a9a36f3df638c7d79ba09dbb"}, {"url": "https://git.kernel.org/stable/c/3d5d629c99c468458022e9b381789de3595bf4dd"}, {"url": "https://git.kernel.org/stable/c/50149e0866a82cef33e680ee68dc380a5bc75d32"}, {"url": "https://git.kernel.org/stable/c/57de2dcb18742dc2860861c9f496da7d42b67da0"}, {"url": "https://git.kernel.org/stable/c/27d3eb5616ee2c0a3b30c3fa34813368ed1f3dc9"}, {"url": "https://git.kernel.org/stable/c/94513069eb549737bcfc3d988d6ed4da948a2de8"}], "title": "mac80211: fix use-after-free in CCMP/GCMP RX", "x_generator": {"engine": "bippy-9e1c9544281a"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T05:39:58.947Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/447d001b875d0e7f211c4ba004916028da994258", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/31de381aef0ab1b342f62485118dc8a19363dc78", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/f556e1d6fb9f2923a9a36f3df638c7d79ba09dbb", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/3d5d629c99c468458022e9b381789de3595bf4dd", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/50149e0866a82cef33e680ee68dc380a5bc75d32", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/57de2dcb18742dc2860861c9f496da7d42b67da0", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/27d3eb5616ee2c0a3b30c3fa34813368ed1f3dc9", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/94513069eb549737bcfc3d988d6ed4da948a2de8", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2021-47388", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T15:38:19.729589Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T17:33:43.903Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/447d001b875d0e7f211c4ba004916028da994258", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/31de381aef0ab1b342f62485118dc8a19363dc78", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/f556e1d6fb9f2923a9a36f3df638c7d79ba09dbb", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/3d5d629c99c468458022e9b381789de3595bf4dd", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/50149e0866a82cef33e680ee68dc380a5bc75d32", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/57de2dcb18742dc2860861c9f496da7d42b67da0", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/27d3eb5616ee2c0a3b30c3fa34813368ed1f3dc9", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/94513069eb549737bcfc3d988d6ed4da948a2de8", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T05:39:58.947Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2021-47388", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T15:38:19.729589Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T12:42:18.385Z"}}], "cna": {"title": "mac80211: fix use-after-free in CCMP/GCMP RX", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "608b0a2ae928", "lessThan": "447d001b875d", "versionType": "git"}, {"status": "affected", "version": "d0f613fe6de3", "lessThan": "31de381aef0a", "versionType": "git"}, {"status": "affected", "version": "a9b57952fed4", "lessThan": "f556e1d6fb9f", "versionType": "git"}, {"status": "affected", "version": "0f716b48ed25", "lessThan": "3d5d629c99c4", "versionType": "git"}, {"status": "affected", "version": "c8b3a6150dc8", "lessThan": "50149e0866a8", "versionType": "git"}, {"status": "affected", "version": "e64ea0597050", "lessThan": "57de2dcb1874", "versionType": "git"}, {"status": "affected", "version": "bf30ca922a0c", "lessThan": "27d3eb5616ee", "versionType": "git"}, {"status": "affected", "version": "bf30ca922a0c", "lessThan": "94513069eb54", "versionType": "git"}], "programFiles": ["net/mac80211/wpa.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "5.13"}, {"status": "unaffected", "version": "0", "lessThan": "5.13", "versionType": "semver"}, {"status": "unaffected", "version": "4.4.286", "versionType": "semver", "lessThanOrEqual": "4.4.*"}, {"status": "unaffected", "version": "4.9.285", "versionType": "semver", "lessThanOrEqual": "4.9.*"}, {"status": "unaffected", "version": "4.14.249", "versionType": "semver", "lessThanOrEqual": "4.14.*"}, {"status": "unaffected", "version": "4.19.209", "versionType": "semver", "lessThanOrEqual": "4.19.*"}, {"status": "unaffected", "version": "5.4.151", "versionType": "semver", "lessThanOrEqual": "5.4.*"}, {"status": "unaffected", "version": "5.10.71", "versionType": "semver", "lessThanOrEqual": "5.10.*"}, {"status": "unaffected", "version": "5.14.10", "versionType": "semver", "lessThanOrEqual": "5.14.*"}, {"status": "unaffected", "version": "5.15", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["net/mac80211/wpa.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/447d001b875d0e7f211c4ba004916028da994258"}, {"url": "https://git.kernel.org/stable/c/31de381aef0ab1b342f62485118dc8a19363dc78"}, {"url": "https://git.kernel.org/stable/c/f556e1d6fb9f2923a9a36f3df638c7d79ba09dbb"}, {"url": "https://git.kernel.org/stable/c/3d5d629c99c468458022e9b381789de3595bf4dd"}, {"url": "https://git.kernel.org/stable/c/50149e0866a82cef33e680ee68dc380a5bc75d32"}, {"url": "https://git.kernel.org/stable/c/57de2dcb18742dc2860861c9f496da7d42b67da0"}, {"url": "https://git.kernel.org/stable/c/27d3eb5616ee2c0a3b30c3fa34813368ed1f3dc9"}, {"url": "https://git.kernel.org/stable/c/94513069eb549737bcfc3d988d6ed4da948a2de8"}], "x_generator": {"engine": "bippy-9e1c9544281a"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmac80211: fix use-after-free in CCMP/GCMP RX\n\nWhen PN checking is done in mac80211, for fragmentation we need\nto copy the PN to the RX struct so we can later use it to do a\ncomparison, since commit bf30ca922a0c (\"mac80211: check defrag\nPN against current frame\").\n\nUnfortunately, in that commit I used the 'hdr' variable without\nit being necessarily valid, so use-after-free could occur if it\nwas necessary to reallocate (parts of) the frame.\n\nFix this by reloading the variable after the code that results\nin the reallocations, if any.\n\nThis fixes https://bugzilla.kernel.org/show_bug.cgi?id=214401."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-04T12:04:56.237Z"}}}, "cveMetadata": {"cveId": "CVE-2021-47388", "state": "PUBLISHED", "dateUpdated": "2024-11-04T12:04:56.237Z", "dateReserved": "2024-05-21T14:58:30.813Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-05-21T15:03:47.574Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmac80211: fix use-after-free in CCMP/GCMP RX\n\nWhen PN checking is done in mac80211, for fragmentation we need\nto copy the PN to the RX struct so we can later use it to do a\ncomparison, since commit bf30ca922a0c (\"mac80211: check defrag\nPN against current frame\").\n\nUnfortunately, in that commit I used the 'hdr' variable without\nit being necessarily valid, so use-after-free could occur if it\nwas necessary to reallocate (parts of) the frame.\n\nFix this by reloading the variable after the code that results\nin the reallocations, if any.\n\nThis fixes https://bugzilla.kernel.org/show_bug.cgi?id=214401."}, {"lang": "es", "value": " En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: mac80211: corrige el use after free en CCMP/GCMP RX. Cuando se realiza la verificaci\u00f3n de PN en mac80211, para la fragmentaci\u00f3n necesitamos copiar el PN a la estructura RX para poder usarlo m\u00e1s tarde. para hacer una comparaci\u00f3n, desde la confirmaci\u00f3n bf30ca922a0c (\"mac80211: verifique la desfragmentaci\u00f3n PN con el marco actual\"). Desafortunadamente, en esa confirmaci\u00f3n utilic\u00e9 la variable 'hdr' sin que fuera necesariamente v\u00e1lida, por lo que podr\u00eda ocurrir un use after free si fuera necesario reasignar (partes de) el marco. Solucione este problema recargando la variable despu\u00e9s del c\u00f3digo que da como resultado las reasignaciones, si corresponde. Esto corrige https://bugzilla.kernel.org/show_bug.cgi?id=214401."}], "id": "CVE-2021-47388", "lastModified": "2024-05-21T16:54:26.047", "metrics": {}, "published": "2024-05-21T15:15:24.257", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/27d3eb5616ee2c0a3b30c3fa34813368ed1f3dc9"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/31de381aef0ab1b342f62485118dc8a19363dc78"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/3d5d629c99c468458022e9b381789de3595bf4dd"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/447d001b875d0e7f211c4ba004916028da994258"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/50149e0866a82cef33e680ee68dc380a5bc75d32"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/57de2dcb18742dc2860861c9f496da7d42b67da0"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/94513069eb549737bcfc3d988d6ed4da948a2de8"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/f556e1d6fb9f2923a9a36f3df638c7d79ba09dbb"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "kernel: mac80211: fix use-after-free in CCMP/GCMP RX", "id": "2282352", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2282352"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.4", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "status": "draft"}, "cwe": "CWE-416", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nmac80211: fix use-after-free in CCMP/GCMP RX\nWhen PN checking is done in mac80211, for fragmentation we need\nto copy the PN to the RX struct so we can later use it to do a\ncomparison, since commit bf30ca922a0c (\"mac80211: check defrag\nPN against current frame\").\nUnfortunately, in that commit I used the 'hdr' variable without\nit being necessarily valid, so use-after-free could occur if it\nwas necessary to reallocate (parts of) the frame.\nFix this by reloading the variable after the code that results\nin the reallocations, if any.\nThis fixes https://bugzilla.kernel.org/show_bug.cgi?id=214401."], "mitigation": {"lang": "en:us", "value": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible."}, "name": "CVE-2021-47388", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-05-21T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2021-47388\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-47388\nhttps://lore.kernel.org/linux-cve-announce/2024052145-CVE-2021-47388-5715@gregkh/T"], "threat_severity": "Moderate", "upstream_fix": "kernel 4.4.286, kernel 4.9.285, kernel 4.14.249, kernel 4.19.209, kernel 5.4.151, kernel 5.10.71, kernel 5.14.10, kernel 5.15"}