Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
8.8
CVSSv3

CVE-2021-28660

Published: 17/03/2021 Updated: 09/11/2023
CVSS v2 Base Score: 8.3 | Impact Score: 10 | Exploitability Score: 6.5
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 739
Vector: AV:A/AC:L/Au:N/C:C/I:C/A:C
Subscribe to Linux Kernel

Vulnerability Summary

rtw_wx_set_scan in drivers/staging/rtl8188eu/os_dep/ioctl_linux.c in the Linux kernel up to and including 5.11.6 allows writing beyond the end of the ->ssid[] array. NOTE: from the perspective of kernel.org releases, CVE IDs are not normally used for drivers/staging/* (unfinished work); however, system integrators may have situations in which a drivers/staging issue is relevant to their own customer base.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

linux linux kernel

fedoraproject fedora 33

debian debian linux 9.0

netapp cloud backup -

netapp solidfire_baseboard_management_controller_firmware -

netapp h700s_firmware -

netapp h700e_firmware -

netapp h410s_firmware -

netapp h300s_firmware -

netapp h500e_firmware -

netapp h300e_firmware -

netapp h500s_firmware -

Vendor Advisories

Red Hat: CVE-2021-28660
rtw_wx_set_scan in drivers/staging/rtl8188eu/os_dep/ioctl_linuxc in the Linux kernel through 5116 allows writing beyond the end of the ->ssid[] array NOTE: from the perspective of kernelorg releases, CVE IDs are not normally used for drivers/staging/* (unfinished work); however, system integrators may have situations in which a drivers/ ...
Amazon Linux 2: ALAS2KERNEL-5.4-2022-002
An issue was discovered in the Linux kernel Fastrpc_internal_invoke in drivers/misc/fastrpcc does not prevent user applications from sending kernel RPC messages This is a related issue to CVE-2019-2308 (CVE-2021-28375) A flaw was found in the Linux kernel The rtw_wx_set_scan driver allows writing beyond the end of the ->ssid[] array The hi ...
Amazon Linux 2: ALAS2-2021-1627
A memory leak in the adis_update_scan_mode() function in drivers/iio/imu/adis_bufferc in the Linux kernel before 539 allows attackers to cause a denial of service (memory consumption), aka CID-ab612b1daf41 (CVE-2019-19060) A bypass was found for the Spectre v1 hardening in the eBPF engine of the Linux kernel The code in the kernel/bpf/verifier ...
Arch Linux Issues:
rtw_wx_set_scan in drivers/staging/rtl8188eu/os_dep/ioctl_linuxc in the Linux kernel through 5116 allows writing beyond the end of the ->ssid[] array NOTE: from the perspective of kernelorg releases, CVE IDs are not normally used for drivers/staging/* (unfinished work); however, system integrators may have situations in which a drivers/stag ...

References

CWE-787https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=74b6b20df8cfe90ada777d621b54c32e69e27cd7https://lists.debian.org/debian-lts-announce/2021/03/msg00035.htmlhttps://security.netapp.com/advisory/ntap-20210507-0008/https://lists.debian.org/debian-lts-announce/2021/06/msg00020.htmlhttp://www.openwall.com/lists/oss-security/2022/11/18/1http://www.openwall.com/lists/oss-security/2022/11/21/2https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TJPVQZPY3DHPV5I3IVNMSMO6D3PKZISX/https://nvd.nist.govhttps://access.redhat.com/security/cve/cve-2021-28660
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322administrator privilegesCVE-2024-1579hardcodedCVE-2023-20198CVE-2024-33587CVE-2024-33449CVE-2024-4308HTML injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook