#VU61215 Input validation error in Linux kernel


Published: 2022-03-09

Vulnerability identifier: #VU61215

Vulnerability risk: Low

CVSSv3.1:

CVE-ID: CVE-2021-43976

CWE-ID: CWE-20

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor:

Description

The vulnerability allows an attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input within the mwifiex_usb_recv() function in drivers/net/wireless/marvell/mwifiex/usb.c in Linux kernel. An attacker with physical access to the system can insert a specially crafted USB device and perform a denial of service (DoS) attack.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

External links
http://patchwork.kernel.org/project/linux-wireless/patch/YX4CqjfRcTa6bVL+@Zekuns-MBP-16.fios-router.home/
http://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X24M7KDC4OJOZNS3RDSYC7ELNELOLQ2N/
http://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YODMYMGZYDXQKGJGX7TJG4XV4L5YLLBD/
http://security.netapp.com/advisory/ntap-20211210-0001/

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?


Latest bulletins with this vulnerability


Multiple vulnerabilities in Oracle VM Server for x86
Multiple vulnerabilities in Red Hat Migration Toolkit for Containers (MTC)
Multiple vulnerabilities in Red Hat Advanced Cluster Management 2.3
Multiple vulnerabilities in Red Hat Advanced Cluster Management 2.4
Red Hat Enterprise Linux 8 update for kernel
Red Hat Enterprise Linux 8 update for kernel-rt
Ubuntu update for linux
Ubuntu update for linux-bluefield
Ubuntu update for linux
Ubuntu update for linux