{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2021-47388","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2024-05-21T14:58:30.813Z","datePublished":"2024-05-21T15:03:47.574Z","dateUpdated":"2025-05-04T12:41:27.303Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2025-05-04T12:41:27.303Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nmac80211: fix use-after-free in CCMP/GCMP RX\n\nWhen PN checking is done in mac80211, for fragmentation we need\nto copy the PN to the RX struct so we can later use it to do a\ncomparison, since commit bf30ca922a0c (\"mac80211: check defrag\nPN against current frame\").\n\nUnfortunately, in that commit I used the 'hdr' variable without\nit being necessarily valid, so use-after-free could occur if it\nwas necessary to reallocate (parts of) the frame.\n\nFix this by reloading the variable after the code that results\nin the reallocations, if any.\n\nThis fixes https://bugzilla.kernel.org/show_bug.cgi?id=214401."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["net/mac80211/wpa.c"],"versions":[{"version":"608b0a2ae928a74a2f89e02227339dd79cdb63cf","lessThan":"447d001b875d0e7f211c4ba004916028da994258","status":"affected","versionType":"git"},{"version":"d0f613fe6de344dc17ba04a88921a2094c13d3fa","lessThan":"31de381aef0ab1b342f62485118dc8a19363dc78","status":"affected","versionType":"git"},{"version":"a9b57952fed41556c950a92123086724eaf11919","lessThan":"f556e1d6fb9f2923a9a36f3df638c7d79ba09dbb","status":"affected","versionType":"git"},{"version":"0f716b48ed25503e6961f4b5b40ece36f7e4ed26","lessThan":"3d5d629c99c468458022e9b381789de3595bf4dd","status":"affected","versionType":"git"},{"version":"c8b3a6150dc8ac78d5fdd5fbdfc4806249ef8b2c","lessThan":"50149e0866a82cef33e680ee68dc380a5bc75d32","status":"affected","versionType":"git"},{"version":"e64ea0597050157f926ac2ba9b478a44ee5be945","lessThan":"57de2dcb18742dc2860861c9f496da7d42b67da0","status":"affected","versionType":"git"},{"version":"bf30ca922a0c0176007e074b0acc77ed345e9990","lessThan":"27d3eb5616ee2c0a3b30c3fa34813368ed1f3dc9","status":"affected","versionType":"git"},{"version":"bf30ca922a0c0176007e074b0acc77ed345e9990","lessThan":"94513069eb549737bcfc3d988d6ed4da948a2de8","status":"affected","versionType":"git"},{"version":"1f0bf30c01d3f4de7d6c5e27b102a808c5646676","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["net/mac80211/wpa.c"],"versions":[{"version":"5.13","status":"affected"},{"version":"0","lessThan":"5.13","status":"unaffected","versionType":"semver"},{"version":"4.4.286","lessThanOrEqual":"4.4.*","status":"unaffected","versionType":"semver"},{"version":"4.9.285","lessThanOrEqual":"4.9.*","status":"unaffected","versionType":"semver"},{"version":"4.14.249","lessThanOrEqual":"4.14.*","status":"unaffected","versionType":"semver"},{"version":"4.19.209","lessThanOrEqual":"4.19.*","status":"unaffected","versionType":"semver"},{"version":"5.4.151","lessThanOrEqual":"5.4.*","status":"unaffected","versionType":"semver"},{"version":"5.10.71","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.14.10","lessThanOrEqual":"5.14.*","status":"unaffected","versionType":"semver"},{"version":"5.15","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.4.271","versionEndExcluding":"4.4.286"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.9.271","versionEndExcluding":"4.9.285"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.14.235","versionEndExcluding":"4.14.249"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.19.193","versionEndExcluding":"4.19.209"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.4.124","versionEndExcluding":"5.4.151"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.10.42","versionEndExcluding":"5.10.71"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.13","versionEndExcluding":"5.14.10"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.13","versionEndExcluding":"5.15"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.12.9"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/447d001b875d0e7f211c4ba004916028da994258"},{"url":"https://git.kernel.org/stable/c/31de381aef0ab1b342f62485118dc8a19363dc78"},{"url":"https://git.kernel.org/stable/c/f556e1d6fb9f2923a9a36f3df638c7d79ba09dbb"},{"url":"https://git.kernel.org/stable/c/3d5d629c99c468458022e9b381789de3595bf4dd"},{"url":"https://git.kernel.org/stable/c/50149e0866a82cef33e680ee68dc380a5bc75d32"},{"url":"https://git.kernel.org/stable/c/57de2dcb18742dc2860861c9f496da7d42b67da0"},{"url":"https://git.kernel.org/stable/c/27d3eb5616ee2c0a3b30c3fa34813368ed1f3dc9"},{"url":"https://git.kernel.org/stable/c/94513069eb549737bcfc3d988d6ed4da948a2de8"}],"title":"mac80211: fix use-after-free in CCMP/GCMP RX","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-04T05:39:58.947Z"},"title":"CVE Program Container","references":[{"url":"https://git.kernel.org/stable/c/447d001b875d0e7f211c4ba004916028da994258","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/31de381aef0ab1b342f62485118dc8a19363dc78","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/f556e1d6fb9f2923a9a36f3df638c7d79ba09dbb","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/3d5d629c99c468458022e9b381789de3595bf4dd","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/50149e0866a82cef33e680ee68dc380a5bc75d32","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/57de2dcb18742dc2860861c9f496da7d42b67da0","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/27d3eb5616ee2c0a3b30c3fa34813368ed1f3dc9","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/94513069eb549737bcfc3d988d6ed4da948a2de8","tags":["x_transferred"]}]},{"metrics":[{"other":{"type":"ssvc","content":{"id":"CVE-2021-47388","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"version":"2.0.3","timestamp":"2024-09-10T15:38:19.729589Z"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-09-11T17:33:43.903Z"}}]}}