Vulnerability Details : CVE-2021-28660

rtw_wx_set_scan in drivers/staging/rtl8188eu/os_dep/ioctl_linux.c in the Linux kernel through 5.11.6 allows writing beyond the end of the ->ssid[] array. NOTE: from the perspective of kernel.org releases, CVE IDs are not normally used for drivers/staging/* (unfinished work); however, system integrators may have situations in which a drivers/staging issue is relevant to their own customer base.

Vulnerability category: Memory Corruption

Published 2021-03-17 15:15:14

Updated 2023-01-19 16:04:24

Source MITRE

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2021-28660

Probability of exploitation activity in the next 30 days: 0.20%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 57 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2021-28660

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Source
8.3	HIGH	AV:A/AC:L/Au:N/C:C/I:C/A:C	6.5	10.0	[email protected]
Access Vector: Adjacent Network Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete
8.8	HIGH	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	2.8	5.9	[email protected]
Attack Vector: Adjacent Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2021-28660

CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

Assigned by: [email protected] (Primary)

References for CVE-2021-28660

http://www.openwall.com/lists/oss-security/2022/11/21/2

Third Party Advisory
https://security.netapp.com/advisory/ntap-20210507-0008/

Third Party Advisory
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=74b6b20df8cfe90ada777d621b54c32e69e27cd7

Mailing List;Patch;Vendor Advisory
https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html

Mailing List;Third Party Advisory

CVEs referencing this url
http://www.openwall.com/lists/oss-security/2022/11/18/1

Third Party Advisory
https://lists.debian.org/debian-lts-announce/2021/03/msg00035.html

Mailing List;Third Party Advisory

CVEs referencing this url
https://lists.fedoraproject.org/archives/list/[email protected]/message/TJPVQZPY3DHPV5I3IVNMSMO6D3PKZISX/

Mailing List;Third Party Advisory

CVEs referencing this url

Products affected by CVE-2021-28660

Debian » Debian Linux » Version: 9.0
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions from including (>=) 5.5 and before (<) 5.10.24
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions from including (>=) 4.20 and before (<) 5.4.106
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions from including (>=) 4.10 and before (<) 4.14.226
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions from including (>=) 5.11 and before (<) 5.11.7
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions from including (>=) 3.12 and before (<) 4.4.262
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions from including (>=) 4.5 and before (<) 4.9.262
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions from including (>=) 4.15 and before (<) 4.19.181
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Fedoraproject » Fedora » Version: 33
cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
Matching versions
Netapp » Cloud Backup » Version: N/A
cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*
Matching versions
Netapp » Solidfire Baseboard Management Controller Firmware » Version: N/A
cpe:2.3:o:netapp:solidfire_baseboard_management_controller_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Netapp » Solidfire Baseboard Management Controller » Version: N/A
Netapp » Baseboard Management Controller H300s Firmware » Version: N/A
cpe:2.3:o:netapp:baseboard_management_controller_h300s_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Netapp » Baseboard Management Controller H300s » Version: N/A
Netapp » Baseboard Management Controller H500s Firmware » Version: N/A
cpe:2.3:o:netapp:baseboard_management_controller_h500s_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Netapp » Baseboard Management Controller H500s » Version: N/A
Netapp » Baseboard Management Controller H700s Firmware » Version: N/A
cpe:2.3:o:netapp:baseboard_management_controller_h700s_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Netapp » Baseboard Management Controller H700s » Version: N/A
Netapp » Baseboard Management Controller H300e Firmware » Version: N/A
cpe:2.3:o:netapp:baseboard_management_controller_h300e_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Netapp » Baseboard Management Controller H300e » Version: N/A
Netapp » Baseboard Management Controller H500e Firmware » Version: N/A
cpe:2.3:o:netapp:baseboard_management_controller_h500e_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Netapp » Baseboard Management Controller H500e » Version: N/A
Netapp » Baseboard Management Controller H700e Firmware » Version: N/A
cpe:2.3:o:netapp:baseboard_management_controller_h700e_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Netapp » Baseboard Management Controller H700e » Version: N/A
Netapp » Baseboard Management Controller H410s Firmware » Version: N/A
cpe:2.3:o:netapp:baseboard_management_controller_h410s_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Netapp » Baseboard Management Controller H410s » Version: N/A