CVE-2021-28660

high
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

rtw_wx_set_scan in drivers/staging/rtl8188eu/os_dep/ioctl_linux.c in the Linux kernel through 5.11.6 allows writing beyond the end of the ->ssid[] array. NOTE: from the perspective of kernel.org releases, CVE IDs are not normally used for drivers/staging/* (unfinished work); however, system integrators may have situations in which a drivers/staging issue is relevant to their own customer base.

References

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=74b6b20df8cfe90ada777d621b54c32e69e27cd7

https://lists.fedoraproject.org/archives/list/[email protected]/message/TJPVQZPY3DHPV5I3IVNMSMO6D3PKZISX/

https://lists.debian.org/debian-lts-announce/2021/03/msg00035.html

https://security.netapp.com/advisory/ntap-20210507-0008/

https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html

Details

Source: MITRE

Published: 2021-03-17

Updated: 2021-06-23

Type: CWE-787

Risk Information

CVSS v2

Base Score: 7.2

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 3.9

Severity: HIGH

CVSS v3

Base Score: 7.8

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 1.8

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions up to 5.11.6 (inclusive)

Configuration 2

OR

cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*

Tenable Plugins

View all (35 total)

IDNameProductFamilySeverity
152167SUSE SLES15 Security Update : kernel (Live Patch 15 for SLE 15 SP2) (SUSE-SU-2021:2577-1)NessusSuSE Local Security Checks
high
151897Slackware 14.2 : Slackware 14.2 kernel (SSA:2021-202-01)NessusSlackware Local Security Checks
high
151756openSUSE 15 Security Update : kernel (openSUSE-SU-2021:1977-1)NessusSuSE Local Security Checks
critical
151730openSUSE 15 Security Update : kernel (openSUSE-SU-2021:1975-1)NessusSuSE Local Security Checks
critical
151307EulerOS Virtualization for ARM 64 3.0.2.0 : kernel (EulerOS-SA-2021-2075)NessusHuawei Local Security Checks
high
151240EulerOS 2.0 SP9 : kernel (EulerOS-SA-2021-2062)NessusHuawei Local Security Checks
high
151238EulerOS 2.0 SP9 : kernel (EulerOS-SA-2021-2051)NessusHuawei Local Security Checks
high
151206SUSE SLES15 Security Update : kernel (Live Patch 0 for SLE 15 SP3) (SUSE-SU-2021:2198-1)NessusSuSE Local Security Checks
high
151167EulerOS Virtualization for ARM 64 3.0.6.0 : kernel (EulerOS-SA-2021-2002)NessusHuawei Local Security Checks
high
150985Debian DLA-2689-1 : linux security updateNessusDebian Local Security Checks
high
150927SUSE SLES15 Security Update : kernel (SUSE-SU-2021:1975-1)NessusSuSE Local Security Checks
critical
150901SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2021:1977-1)NessusSuSE Local Security Checks
critical
150292Ubuntu 20.04 LTS / 20.10 : Linux kernel vulnerabilities (USN-4984-1)NessusUbuntu Local Security Checks
medium
150271EulerOS Virtualization 2.9.1 : kernel (EulerOS-SA-2021-1967)NessusHuawei Local Security Checks
high
150253EulerOS Virtualization 2.9.0 : kernel (EulerOS-SA-2021-1971)NessusHuawei Local Security Checks
high
150155Ubuntu 16.04 LTS / 18.04 LTS : Linux kernel vulnerabilities (USN-4979-1)NessusUbuntu Local Security Checks
medium
149892openSUSE Security Update : the Linux Kernel (openSUSE-2021-758)NessusSuSE Local Security Checks
critical
149717SUSE SLES15 Security Update : kernel (SUSE-SU-2021:1624-1)NessusSuSE Local Security Checks
high
149716SUSE SLES12 Security Update : kernel (SUSE-SU-2021:1623-1)NessusSuSE Local Security Checks
high
149661Ubuntu 18.04 LTS / 20.04 LTS : Linux kernel (Raspberry Pi) vulnerabilities (USN-4945-2)NessusUbuntu Local Security Checks
high
149633SUSE SLES12 Security Update : kernel (SUSE-SU-2021:1617-1)NessusSuSE Local Security Checks
high
149607EulerOS 2.0 SP8 : kernel (EulerOS-SA-2021-1879)NessusHuawei Local Security Checks
high
149491SUSE SLES12 Security Update : kernel (SUSE-SU-2021:1596-1)NessusSuSE Local Security Checks
high
149462SUSE SLES15 Security Update : kernel (SUSE-SU-2021:1573-1)NessusSuSE Local Security Checks
high
149416Ubuntu 18.04 LTS / 20.04 LTS : Linux kernel vulnerabilities (USN-4945-1)NessusUbuntu Local Security Checks
high
148919Amazon Linux 2 : kernel (ALAS-2021-1627)NessusAmazon Linux Local Security Checks
high
148747SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2021:1238-1)NessusSuSE Local Security Checks
critical
148700SUSE SLES12 Security Update : kernel (SUSE-SU-2021:1210-1)NessusSuSE Local Security Checks
high
148698SUSE SLES15 Security Update : kernel (SUSE-SU-2021:1211-1)NessusSuSE Local Security Checks
critical
148509SUSE SLES12 Security Update : kernel (SUSE-SU-2021:1175-1)NessusSuSE Local Security Checks
medium
148438openSUSE Security Update : the Linux Kernel (openSUSE-2021-532)NessusSuSE Local Security Checks
critical
148294Photon OS 1.0: Linux PHSA-2021-1.0-0375NessusPhotonOS Local Security Checks
high
148289Photon OS 2.0: Linux PHSA-2021-2.0-0332NessusPhotonOS Local Security Checks
high
148254Debian DLA-2610-1 : linux-4.19 security updateNessusDebian Local Security Checks
high
147932Fedora 33 : kernel / kernel-headers / kernel-tools (2021-bb755ed5e3)NessusFedora Local Security Checks
high