In the Linux kernel, the following vulnerability has been resolved: mac80211: track only QoS data frames for admission control For admission control, obviously all of that only works for QoS data frames, otherwise we cannot even access the QoS field in the header. Syzbot reported (see below) an uninitialized value here due to a status of a non-QoS nullfunc packet, which isn't even long enough to contain the QoS header. Fix this to only do anything for QoS data packets.
History

Thu, 19 Dec 2024 08:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 31 Oct 2024 14:00:00 +0000

Type Values Removed Values Added
First Time appeared Linux
Linux linux Kernel
Weaknesses CWE-824
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.16:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.16:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.16:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.16:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.16:rc5:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel

cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-06-19T14:54:02.310Z

Updated: 2024-12-19T07:45:35.094Z

Reserved: 2024-05-24T15:11:00.736Z

Link: CVE-2021-47602

cve-icon Vulnrichment

Updated: 2024-08-04T05:47:40.398Z

cve-icon NVD

Status : Modified

Published: 2024-06-19T15:15:54.760

Modified: 2024-11-21T06:36:38.737

Link: CVE-2021-47602

cve-icon Redhat

Severity : Low

Publid Date: 2024-06-19T00:00:00Z

Links: CVE-2021-47602 - Bugzilla