CVE-2021-43976Incomplete Cleanup in Kernel

CWE-459Incomplete Cleanup15 documents8 sources
Severity
4.6MEDIUMNVD
EPSS
0.1%
top 80.66%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
Linux KernelDebian LinuxFedoraproject Fedora+3 more
Timeline
PublishedNov 17
Latest updateMay 24

Description

In the Linux kernel through 5.15.2, mwifiex_usb_recv in drivers/net/wireless/marvell/mwifiex/usb.c allows an attacker (who can connect a crafted USB device) to cause a denial of service (skb_over_panic).

CVSS vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 0.9 | Impact: 3.6

Affected Packages5 packages

Debianlinux/linux_kernel< 5.10.92-2+3
NVDlinux/linux_kernel5.15.2

Also affects: Debian Linux 10.0, 11.0, 9.0, Fedora 34, 35

Patches

Patch: www.oracle.comPatch: www.oracle.com

🔴Vulnerability Details

5
GHSA
GHSA-5hhf-r7jg-wxx3: In the Linux kernel through 52022-05-24
OSV
linux, linux-aws, linux-aws-5.13, linux-azure, linux-azure-5.13, linux-gcp, linux-gcp-5.13, linux-hwe-5.13, linux-kvm, linux-oracle, linux-oracle-5.13, linux-raspi vulnerabilities2022-04-20
OSV
linux-oem-5.14 vulnerabilities2022-02-22
OSV
CVE-2021-43976: In the Linux kernel through 52021-11-17
CVEList
CVE-2021-43976: In the Linux kernel through 52021-11-17

📋Vendor Advisories

9
Ubuntu
Linux kernel vulnerabilities2022-04-20
Ubuntu
Linux kernel (BlueField) vulnerabilities2022-04-13
Ubuntu
Linux kernel vulnerabilities2022-04-01
Ubuntu
Linux kernel vulnerabilities2022-03-22
Ubuntu
Linux kernel vulnerabilities2022-03-22