CVE-2021-28660

8.8 HIGH

📋 TL;DR

This is a buffer overflow vulnerability in the rtl8188eu Wi-Fi driver staging code in Linux kernels up to 5.11.6. It allows writing beyond the end of the ssid[] array during scan operations, potentially leading to kernel memory corruption. Systems using the rtl8188eu driver in staging are affected, though this driver is considered unfinished work by kernel.org.

💻 Affected Systems

Products:
  • Linux kernel with rtl8188eu staging driver
Versions: Linux kernel versions through 5.11.6
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ✅ No
Notes: Only vulnerable if the rtl8188eu driver is loaded (staging drivers are often not enabled by default). Embedded/IoT devices using this driver are particularly at risk.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...


⚠️ Risk & Real-World Impact

🔴

Worst Case

Local privilege escalation to root, kernel panic causing system crash, or arbitrary code execution in kernel context.

🟠

Likely Case

Kernel crash leading to denial of service, or limited memory corruption affecting system stability.

🟢

If Mitigated

Minimal impact if proper kernel hardening (like KASLR, SMEP, SMAP) is enabled and driver is not loaded.

🌐 Internet-Facing: LOW - Requires local access to trigger the vulnerability via Wi-Fi scanning operations.
🏢 Internal Only: MEDIUM - Local users or processes with Wi-Fi interface access could exploit this for privilege escalation or DoS.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local access and ability to trigger Wi-Fi scan operations. No public exploit code has been disclosed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Fixed in kernel commit 74b6b20df8cfe90ada777d621b54c32e69e27cd7 and later versions

Vendor Advisory: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=74b6b20df8cfe90ada777d621b54c32e69e27cd7

Restart Required: Yes

Instructions:

1. Update Linux kernel to version 5.11.7 or later.
2. For older kernels, backport the fix from commit 74b6b20df8cfe90ada777d621b54c32e69e27cd7.
3. Reboot system after kernel update.

🔧 Temporary Workarounds

Disable rtl8188eu staging driver

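Prevent loading of the vulnerable driver module (run as root). The in-tree staging build of this driver is listed by lsmod as r8188eu, so blacklist that name as well and unload whichever name is loaded:

echo 'blacklist rtl8188eu' >> /etc/modprobe.d/blacklist-rtl8188eu.conf
echo 'blacklist r8188eu' >> /etc/modprobe.d/blacklist-rtl8188eu.conf
rmmod rtl8188eu
rmmod r8188eu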

Restrict Wi-Fi scanning permissions

Limit which users can perform Wi-Fi scan operations

🧯 If You Can't Patch

  • Disable the rtl8188eu driver module if not needed
  • Implement strict access controls to prevent unauthorized users from accessing Wi-Fi interfaces

🔍 How to Verify

Check if Vulnerable:

Check if the rtl8188eu module is loaded (the in-tree staging build is listed as r8188eu): lsmod | grep -E 'rtl8188eu|r8188eu'
Check the kernel version: uname -r (affected if 5.11.6 or earlier)

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version is >5.11.6: uname -r
Check if fix commit is present: grep -r '74b6b20df8cfe90ada777d621b54c32e69e27cd7' /usr/src/linux
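The two "Check if Vulnerable" tests can be combined into one triage helper. This is an added example, not part of the advisory; the module name r8188eu (the in-tree staging build) is an assumption checked alongside the advisory's rtl8188eu, and the lsmod sample is constructed.

```shell
#!/bin/sh
# Added example (not from the advisory): combine the module and version checks.
LAST_AFFECTED="5.11.6"   # advisory: affected "through 5.11.6"

# "5.10.0-8-amd64" -> "5.10.0"; drops distro/local suffixes from `uname -r`.
base_version() {
    printf '%s\n' "$1" | sed -E 's/^([0-9]+(\.[0-9]+){0,2}).*/\1/'
}

# Succeeds when release $1 is <= LAST_AFFECTED by upstream numbering.
kernel_in_affected_range() {
    v=$(base_version "$1")
    lowest=$(printf '%s\n%s\n' "$v" "$LAST_AFFECTED" | sort -V | head -n 1)
    [ "$lowest" = "$v" ]
}

# Reads `lsmod` output on stdin and prints the driver module if present.
# Assumption: besides the advisory name rtl8188eu, the in-tree staging
# build of this driver is listed as r8188eu.
loaded_driver() {
    awk 'NR > 1 && ($1 == "rtl8188eu" || $1 == "r8188eu") { print $1 }'
}

# Usage on a live host: lsmod | assess "$(uname -r)"
assess() {
    mod=$(loaded_driver)
    if [ -z "$mod" ]; then
        echo "driver-not-loaded"
    elif kernel_in_affected_range "$1"; then
        echo "version-in-affected-range: $mod on $1"
    else
        echo "driver-loaded-kernel-newer: $mod on $1"
    fi
}

# Constructed lsmod output so the example runs offline.
SAMPLE_LSMOD='Module                  Size  Used by
r8188eu               450560  0
cfg80211              970752  1 r8188eu'

printf '%s\n' "$SAMPLE_LSMOD" | assess "5.10.0-8-amd64"
```

A "version-in-affected-range" result compares upstream version numbers only; a stable or distribution kernel may already carry a backport of the fix commit, so confirm against the vendor changelog before treating the host as vulnerable.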

📡 Detection & Monitoring

Log Indicators:

  • Kernel oops messages in /var/log/kern.log or dmesg
  • System crashes or reboots after Wi-Fi operations

Network Indicators:

  • Unusual Wi-Fi scanning patterns from local users

SIEM Query:

(source="kern.log" AND "Oops" AND "rtl8188eu") OR (source="dmesg" AND "panic")
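A kernel fault report spans several log lines, so the "Oops" marker and the driver name rarely share one line. The filter below is an added example, not part of the advisory: it groups each report and separates faults with a stack frame inside the driver from faults where the driver was merely loaded. The log sample, the symbol example_scan_handler and the module name r8188eu are constructed or assumed.

```shell
#!/bin/sh
# Added example (not from the advisory). Reads kernel log text on stdin.
# A report opens at an "Oops:", "BUG:" or "Kernel panic" line and closes at
# the "end trace" marker or at end of input.
classify_faults() {
    awk '
    function tally() {
        if (open) { if (frame) a++; else if (listed) b++ }
        open = frame = listed = 0
    }
    /Oops:|BUG:|Kernel panic/ { open = 1 }
    open {
        for (i = 1; i <= NF; i++) {
            # "[r8188eu]" tags a stack frame that lives in the module
            if ($i == "[r8188eu]" || $i == "[rtl8188eu]") frame = 1
            # "r8188eu(C)" or "r8188eu" in the loaded-module list
            else if ($i ~ /^(r8188eu|rtl8188eu)(\(|$)/) listed = 1
        }
    }
    /end trace/ { tally() }
    END { tally(); printf "in_trace=%d loaded_only=%d\n", a, b }
    '
}

# Constructed kernel log: the first fault is inside the driver, the second
# is in another module while the driver happens to be loaded.
SAMPLE_KLOG='[  812.104511] BUG: unable to handle page fault for address: ffffa0c1deadb000
[  812.104530] Oops: 0002 [#1] SMP PTI
[  812.104561] Modules linked in: r8188eu(C) cfg80211 rfkill
[  812.104702] Call Trace:
[  812.104731]  example_scan_handler+0x1c4/0x2a0 [r8188eu]
[  812.104990] ---[ end trace 0000000000000001 ]---
[ 4410.220014] Oops: 0000 [#2] SMP PTI
[ 4410.220051] Modules linked in: snd_hda_intel r8188eu(C) cfg80211
[ 4410.220207]  snd_example+0x10/0x80 [snd_hda_intel]
[ 4410.220310] ---[ end trace 0000000000000002 ]---'

printf '%s\n' "$SAMPLE_KLOG" | classify_faults
```

Alert on in_trace and keep loaded_only as context, since every fault on a host with the driver loaded lists it under "Modules linked in".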
