{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2021-47395","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2024-05-21T14:58:30.814Z","datePublished":"2024-05-21T15:03:52.151Z","dateUpdated":"2025-05-04T07:10:05.071Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2025-05-04T07:10:05.071Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nmac80211: limit injected vht mcs/nss in ieee80211_parse_tx_radiotap\n\nLimit max values for vht mcs and nss in ieee80211_parse_tx_radiotap\nroutine in order to fix the following warning reported by syzbot:\n\nWARNING: CPU: 0 PID: 10717 at include/net/mac80211.h:989 ieee80211_rate_set_vht include/net/mac80211.h:989 [inline]\nWARNING: CPU: 0 PID: 10717 at include/net/mac80211.h:989 ieee80211_parse_tx_radiotap+0x101e/0x12d0 net/mac80211/tx.c:2244\nModules linked in:\nCPU: 0 PID: 10717 Comm: syz-executor.5 Not tainted 5.14.0-syzkaller #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011\nRIP: 0010:ieee80211_rate_set_vht include/net/mac80211.h:989 [inline]\nRIP: 0010:ieee80211_parse_tx_radiotap+0x101e/0x12d0 net/mac80211/tx.c:2244\nRSP: 0018:ffffc9000186f3e8 EFLAGS: 00010216\nRAX: 0000000000000618 RBX: ffff88804ef76500 RCX: ffffc900143a5000\nRDX: 0000000000040000 RSI: ffffffff888f478e RDI: 0000000000000003\nRBP: 00000000ffffffff R08: 0000000000000000 R09: 0000000000000100\nR10: ffffffff888f46f9 R11: 0000000000000000 R12: 00000000fffffff8\nR13: ffff88804ef7653c R14: 0000000000000001 R15: 0000000000000004\nFS:  00007fbf5718f700(0000) GS:ffff8880b9c00000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000001b2de23000 CR3: 000000006a671000 CR4: 00000000001506f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000600\nCall Trace:\n ieee80211_monitor_select_queue+0xa6/0x250 net/mac80211/iface.c:740\n netdev_core_pick_tx+0x169/0x2e0 net/core/dev.c:4089\n __dev_queue_xmit+0x6f9/0x3710 net/core/dev.c:4165\n __bpf_tx_skb net/core/filter.c:2114 [inline]\n __bpf_redirect_no_mac net/core/filter.c:2139 [inline]\n __bpf_redirect+0x5ba/0xd20 net/core/filter.c:2162\n ____bpf_clone_redirect net/core/filter.c:2429 [inline]\n bpf_clone_redirect+0x2ae/0x420 net/core/filter.c:2401\n bpf_prog_eeb6f53a69e5c6a2+0x59/0x234\n bpf_dispatcher_nop_func include/linux/bpf.h:717 [inline]\n __bpf_prog_run include/linux/filter.h:624 [inline]\n bpf_prog_run include/linux/filter.h:631 [inline]\n bpf_test_run+0x381/0xa30 net/bpf/test_run.c:119\n bpf_prog_test_run_skb+0xb84/0x1ee0 net/bpf/test_run.c:663\n bpf_prog_test_run kernel/bpf/syscall.c:3307 [inline]\n __sys_bpf+0x2137/0x5df0 kernel/bpf/syscall.c:4605\n __do_sys_bpf kernel/bpf/syscall.c:4691 [inline]\n __se_sys_bpf kernel/bpf/syscall.c:4689 [inline]\n __x64_sys_bpf+0x75/0xb0 kernel/bpf/syscall.c:4689\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x44/0xae\nRIP: 0033:0x4665f9"}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["net/mac80211/tx.c"],"versions":[{"version":"646e76bb5daf4ca38438c69ffb72cccb605f3466","lessThan":"e5bb852aa2ad963074f0ad73030dbc20a30853e3","status":"affected","versionType":"git"},{"version":"646e76bb5daf4ca38438c69ffb72cccb605f3466","lessThan":"ce5f372f5f084ff51c285fc27b232f15a3d00f0b","status":"affected","versionType":"git"},{"version":"646e76bb5daf4ca38438c69ffb72cccb605f3466","lessThan":"76538c7b4df314bb937e44c5cb1782f37d47443c","status":"affected","versionType":"git"},{"version":"646e76bb5daf4ca38438c69ffb72cccb605f3466","lessThan":"ab85997465b972d39d9747fc16311fa5773374b2","status":"affected","versionType":"git"},{"version":"646e76bb5daf4ca38438c69ffb72cccb605f3466","lessThan":"1282bb00835ff79d2d9c023055d514df5b4de260","status":"affected","versionType":"git"},{"version":"646e76bb5daf4ca38438c69ffb72cccb605f3466","lessThan":"997ee230e4f5285cd98445c102d9033c7ec4814b","status":"affected","versionType":"git"},{"version":"646e76bb5daf4ca38438c69ffb72cccb605f3466","lessThan":"13cb6d826e0ac0d144b0d48191ff1a111d32f0c6","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["net/mac80211/tx.c"],"versions":[{"version":"4.7","status":"affected"},{"version":"0","lessThan":"4.7","status":"unaffected","versionType":"semver"},{"version":"4.9.285","lessThanOrEqual":"4.9.*","status":"unaffected","versionType":"semver"},{"version":"4.14.249","lessThanOrEqual":"4.14.*","status":"unaffected","versionType":"semver"},{"version":"4.19.209","lessThanOrEqual":"4.19.*","status":"unaffected","versionType":"semver"},{"version":"5.4.151","lessThanOrEqual":"5.4.*","status":"unaffected","versionType":"semver"},{"version":"5.10.71","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.14.10","lessThanOrEqual":"5.14.*","status":"unaffected","versionType":"semver"},{"version":"5.15","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.7","versionEndExcluding":"4.9.285"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.7","versionEndExcluding":"4.14.249"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.7","versionEndExcluding":"4.19.209"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.7","versionEndExcluding":"5.4.151"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.7","versionEndExcluding":"5.10.71"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.7","versionEndExcluding":"5.14.10"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.7","versionEndExcluding":"5.15"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/e5bb852aa2ad963074f0ad73030dbc20a30853e3"},{"url":"https://git.kernel.org/stable/c/ce5f372f5f084ff51c285fc27b232f15a3d00f0b"},{"url":"https://git.kernel.org/stable/c/76538c7b4df314bb937e44c5cb1782f37d47443c"},{"url":"https://git.kernel.org/stable/c/ab85997465b972d39d9747fc16311fa5773374b2"},{"url":"https://git.kernel.org/stable/c/1282bb00835ff79d2d9c023055d514df5b4de260"},{"url":"https://git.kernel.org/stable/c/997ee230e4f5285cd98445c102d9033c7ec4814b"},{"url":"https://git.kernel.org/stable/c/13cb6d826e0ac0d144b0d48191ff1a111d32f0c6"}],"title":"mac80211: limit injected vht mcs/nss in ieee80211_parse_tx_radiotap","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"title":"CISA ADP Vulnrichment","metrics":[{"other":{"type":"ssvc","content":{"id":"CVE-2021-47395","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"version":"2.0.3","timestamp":"2024-05-21T17:32:58.211657Z"}}}],"providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-06-04T17:13:28.811Z"}},{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-04T05:39:59.195Z"},"title":"CVE Program Container","references":[{"url":"https://git.kernel.org/stable/c/e5bb852aa2ad963074f0ad73030dbc20a30853e3","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/ce5f372f5f084ff51c285fc27b232f15a3d00f0b","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/76538c7b4df314bb937e44c5cb1782f37d47443c","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/ab85997465b972d39d9747fc16311fa5773374b2","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/1282bb00835ff79d2d9c023055d514df5b4de260","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/997ee230e4f5285cd98445c102d9033c7ec4814b","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/13cb6d826e0ac0d144b0d48191ff1a111d32f0c6","tags":["x_transferred"]}]}]}}