CVE-2021-47251 : In the Linux kernel, the following vulnerability has been resolved: mac80211: f

In the Linux kernel, the following vulnerability has been resolved: mac80211: fix skb length check in ieee80211_scan_rx() Replace hard-coded compile-time constants for header length check with dynamic determination based on the frame type. Otherwise, we hit a validation WARN_ON in cfg80211 later. [style fixes, reword commit message]

Published 2024-05-21 14:19:48

Updated 2025-04-30 15:18:22

Source Linux

View at NVD, CVE.org

Products affected by CVE-2021-47251

Linux » Linux Kernel
Versions from including (>=) 5.11 and before (<) 5.12.13
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions from including (>=) 5.10 and before (<) 5.10.46
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 5.13 Update RC1
cpe:2.3:o:linux:linux_kernel:5.13:rc1:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 5.13 Update RC2
cpe:2.3:o:linux:linux_kernel:5.13:rc2:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 5.13 Update RC3
cpe:2.3:o:linux:linux_kernel:5.13:rc3:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 5.13 Update RC4
cpe:2.3:o:linux:linux_kernel:5.13:rc4:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 5.13 Update RC5
cpe:2.3:o:linux:linux_kernel:5.13:rc5:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 5.13 Update RC6
cpe:2.3:o:linux:linux_kernel:5.13:rc6:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2021-47251

EPSS FAQ

0.03%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 7 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2021-47251

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
7.8	HIGH	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	1.8	5.9	NIST	2025-04-30
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2021-47251

CWE-1284 Improper Validation of Specified Quantity in Input

The product receives input that is expected to specify a quantity (such as size or length), but it does not validate or incorrectly validates that the quantity has the required properties.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2021-47251

https://git.kernel.org/stable/c/5a1cd67a801cf5ef989c4783e07b86a25b143126

mac80211: fix skb length check in ieee80211_scan_rx() - kernel/git/stable/linux.git - Linux kernel stable tree
Patch
https://git.kernel.org/stable/c/e298aa358f0ca658406d524b6639fe389cb6e11e

mac80211: fix skb length check in ieee80211_scan_rx() - kernel/git/stable/linux.git - Linux kernel stable tree
Patch
https://git.kernel.org/stable/c/d1b949c70206178b12027f66edc088d40375b5cb

mac80211: fix skb length check in ieee80211_scan_rx() - kernel/git/stable/linux.git - Linux kernel stable tree
Patch

Jump to

Vulnerability Details : CVE-2021-47251

Products affected by CVE-2021-47251

Exploit prediction scoring system (EPSS) score for CVE-2021-47251

CVSS scores for CVE-2021-47251

CWE ids for CVE-2021-47251

References for CVE-2021-47251