CVE-2021-28660

rtw_wx_set_scan in drivers/staging/rtl8188eu/os_dep/ioctl_linux.c in the Linux kernel through 5.11.6 allows writing beyond the end of the ->ssid[] array. NOTE: from the perspective of kernel.org releases, CVE IDs are not normally used for drivers/staging/* (unfinished work); however, system integrators may have situations in which a drivers/staging issue is relevant to their own customer base.

CVSS v3 8.8 HIGH
CVSS v2.0 8.3 HIGH

8.8^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

8.3^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:A/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 6.5 / Impact : 10.0

Access Vector ADJACENT_NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://www.openwall.com/lists/oss-security/2022/11/18/1	Third Party Advisory
http://www.openwall.com/lists/oss-security/2022/11/21/2	Third Party Advisory
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=74b6b20df8cfe90ada777d621b54c32e69e27cd7	Mailing List Patch Vendor Advisory
https://lists.debian.org/debian-lts-announce/2021/03/msg00035.html	Mailing List Third Party Advisory
https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html	Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TJPVQZPY3DHPV5I3IVNMSMO6D3PKZISX/
https://security.netapp.com/advisory/ntap-20210507-0008/	Third Party Advisory
http://www.openwall.com/lists/oss-security/2022/11/18/1	Third Party Advisory
http://www.openwall.com/lists/oss-security/2022/11/21/2	Third Party Advisory
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=74b6b20df8cfe90ada777d621b54c32e69e27cd7	Mailing List Patch Vendor Advisory
https://lists.debian.org/debian-lts-announce/2021/03/msg00035.html	Mailing List Third Party Advisory
https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html	Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TJPVQZPY3DHPV5I3IVNMSMO6D3PKZISX/
https://security.netapp.com/advisory/ntap-20210507-0008/	Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

Configuration 2 (hide)

cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*

Configuration 3 (hide)

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Configuration 4 (hide)

cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:netapp:solidfire_baseboard_management_controller_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:solidfire_baseboard_management_controller:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h700e:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h500e:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND

cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h300e:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND

cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*

History

21 Nov 2024, 06:00

Type	Values Removed	Values Added
References	~~() http://www.openwall.com/lists/oss-security/2022/11/18/1 - Third Party Advisory~~	() http://www.openwall.com/lists/oss-security/2022/11/18/1 - Third Party Advisory
References	~~() http://www.openwall.com/lists/oss-security/2022/11/21/2 - Third Party Advisory~~	() http://www.openwall.com/lists/oss-security/2022/11/21/2 - Third Party Advisory
References	~~() https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=74b6b20df8cfe90ada777d621b54c32e69e27cd7 - Mailing List, Patch, Vendor Advisory~~	() https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=74b6b20df8cfe90ada777d621b54c32e69e27cd7 - Mailing List, Patch, Vendor Advisory
References	~~() https://lists.debian.org/debian-lts-announce/2021/03/msg00035.html - Mailing List, Third Party Advisory~~	() https://lists.debian.org/debian-lts-announce/2021/03/msg00035.html - Mailing List, Third Party Advisory
References	~~() https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html - Mailing List, Third Party Advisory~~	() https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html - Mailing List, Third Party Advisory
References	~~() https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TJPVQZPY3DHPV5I3IVNMSMO6D3PKZISX/ -~~	() https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TJPVQZPY3DHPV5I3IVNMSMO6D3PKZISX/ -
References	~~() https://security.netapp.com/advisory/ntap-20210507-0008/ - Third Party Advisory~~	() https://security.netapp.com/advisory/ntap-20210507-0008/ - Third Party Advisory

09 Nov 2023, 14:44

Type	Values Removed	Values Added
CPE	cpe:2.3:o:netapp:baseboard_management_controller_h700e_firmware:-:::::::* cpe:2.3:o:netapp:baseboard_management_controller_h410s_firmware:-:::::::* cpe:2.3:h:netapp:baseboard_management_controller_h300e:-:::::::* cpe:2.3:o:netapp:baseboard_management_controller_h300s_firmware:-:::::::* cpe:2.3:o:netapp:baseboard_management_controller_h500s_firmware:-:::::::* cpe:2.3:o:netapp:baseboard_management_controller_h500e_firmware:-:::::::* cpe:2.3:h:netapp:baseboard_management_controller_h700e:-:::::::* cpe:2.3:o:netapp:baseboard_management_controller_h700s_firmware:-:::::::* cpe:2.3:h:netapp:baseboard_management_controller_h410s:-:::::::* cpe:2.3:h:netapp:baseboard_management_controller_h500e:-:::::::* cpe:2.3:h:netapp:baseboard_management_controller_h300s:-:::::::* cpe:2.3:h:netapp:baseboard_management_controller_h500s:-:::::::* cpe:2.3:h:netapp:baseboard_management_controller_h700s:-:::::::* cpe:2.3:o:netapp:baseboard_management_controller_h300e_firmware:-:::::::*	cpe:2.3:h:netapp:h700s:-:::::::* cpe:2.3:o:netapp:h700e_firmware:-:::::::* cpe:2.3:h:netapp:h300e:-:::::::* cpe:2.3:h:netapp:h500s:-:::::::* cpe:2.3:o:netapp:h300e_firmware:-:::::::* cpe:2.3:o:netapp:h500e_firmware:-:::::::* cpe:2.3:h:netapp:h700e:-:::::::* cpe:2.3:h:netapp:h500e:-:::::::* cpe:2.3:h:netapp:h410s:-:::::::* cpe:2.3:o:netapp:h410s_firmware:-:::::::* cpe:2.3:o:netapp:h300s_firmware:-:::::::* cpe:2.3:o:netapp:h500s_firmware:-:::::::* cpe:2.3:o:netapp:h700s_firmware:-:::::::* cpe:2.3:h:netapp:h300s:-:::::::*
First Time		Netapp h700e Firmware Netapp h500e Firmware Netapp h410s Netapp h700s Netapp h300e Firmware Netapp h700s Firmware Netapp h300e Netapp h700e Netapp h410s Firmware Netapp h500e Netapp h300s Firmware Netapp h500s Firmware Netapp h300s Netapp h500s

07 Nov 2023, 03:32

Type	Values Removed	Values Added
References	{'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TJPVQZPY3DHPV5I3IVNMSMO6D3PKZISX/', 'name': 'FEDORA-2021-bb755ed5e3', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'FEDORA'}	() https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TJPVQZPY3DHPV5I3IVNMSMO6D3PKZISX/ -

Information

Published : 2021-03-17 15:15

Updated : 2024-11-21 06:00

NVD link : CVE-2021-28660

Mitre link : CVE-2021-28660

CVE.ORG link : CVE-2021-28660

JSON object : View

Products Affected

debian

debian_linux

netapp

h700e_firmware
solidfire_baseboard_management_controller
h500s_firmware
cloud_backup
h500s
h700s
h500e_firmware
h410s_firmware
h700e
h700s_firmware
h300s
h300e_firmware
h500e
solidfire_baseboard_management_controller_firmware
h300s_firmware
h410s
h300e

fedoraproject

fedora

linux

linux_kernel

CWE

CWE-787

Out-of-bounds Write

8.8 /10