CVE-2021-27803

HIGH

wpa_supplicant 1.0-2.9 - Denial of Service or Remote Code Execution via P2P Provision Discovery Request

Title source: llm
STIX 2.1

Description

A vulnerability was discovered in how p2p/p2p_pd.c in wpa_supplicant before 2.10 processes P2P (Wi-Fi Direct) provision discovery requests. It could result in denial of service or other impact (potentially execution of arbitrary code), for an attacker within radio range.

References (9)

Core 9
Core References
Mailing List, Mitigation, Third Party Advisory x_refsource_misc
https://www.openwall.com/lists/oss-security/2021/02/25/3
Mailing List, Mitigation, Third Party Advisory mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2021/02/27/1
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2021/03/msg00003.html
Third Party Advisory vendor-advisory x_refsource_debian
https://www.debian.org/security/2021/dsa-4898

Scores

CVSS v3 7.5
EPSS 0.0118
EPSS Percentile 64.2%
Attack Vector ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

Status published
Products (6)
debian/debian_linux 9.0
debian/debian_linux 10.0
fedoraproject/fedora 32
fedoraproject/fedora 33
fedoraproject/fedora 34
w1.fi/wpa_supplicant 1.0 - 2.10
Published Feb 26, 2021
Tracked Since Feb 18, 2026