CVE-2021-28660
HIGH
Linux Kernel 3.12-5.11.6 - Out-of-bounds Write in rtw_wx_set_scan
Title source: llm
Description
rtw_wx_set_scan in drivers/staging/rtl8188eu/os_dep/ioctl_linux.c in the Linux kernel through 5.11.6 allows writing beyond the end of the ->ssid[] array. NOTE: from the perspective of kernel.org releases, CVE IDs are not normally used for drivers/staging/* (unfinished work); however, system integrators may have situations in which a drivers/staging issue is relevant to their own customer base.
References (7)
Core References
Mailing List, Third Party Advisory vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TJPVQZPY3DHPV5I3IVNMSMO6D3PKZISX/
Mailing List, Third Party Advisory mailing-list
https://lists.debian.org/debian-lts-announce/2021/03/msg00035.html
Mailing List, Third Party Advisory mailing-list
https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html
Third Party Advisory mailing-list
http://www.openwall.com/lists/oss-security/2022/11/18/1
Third Party Advisory mailing-list
http://www.openwall.com/lists/oss-security/2022/11/21/2
Mailing List, Patch, Vendor Advisory
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=74b6b20df8cfe90ada777d621b54c32e69e27cd7
Third Party Advisory
https://security.netapp.com/advisory/ntap-20210507-0008/
Scores
CVSS v3
8.8
EPSS
0.0032
EPSS Percentile
55.0%
Attack Vector
ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-787
Status
published
Products (12)
debian/debian_linux
9.0
fedoraproject/fedora
33
linux/linux_kernel
3.12 - 4.4.262
netapp/cloud_backup
netapp/h300e_firmware
netapp/h300s_firmware
netapp/h410s_firmware
netapp/h500e_firmware
netapp/h500s_firmware
netapp/h700e_firmware
... and 2 more
Published
Mar 17, 2021
Tracked Since
Feb 18, 2026