CVE-2021-47065

7.8 HIGH

📋 TL;DR

This is an array index out-of-bounds vulnerability in the Linux kernel's Realtek rtw88 wireless driver. It allows local attackers to cause kernel memory corruption when scanning wireless networks, potentially leading to system crashes or privilege escalation. Systems using Realtek wireless chips with the affected driver are vulnerable.

💻 Affected Systems

Products:
  • Linux kernel with Realtek rtw88 wireless driver
Versions: Linux kernel versions containing commit fa6dfe6bff24 up to patches fixing CVE-2021-47065
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems with Realtek wireless hardware using the rtw88 driver, specifically when operating on channel 14 with certain data rates.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...


⚠️ Risk & Real-World Impact

🔴 Worst Case

Kernel panic leading to denial of service, or potential privilege escalation through memory corruption leading to arbitrary code execution in kernel context.

🟠 Likely Case

System crash or kernel panic when wireless scanning occurs on channel 14, causing denial of service.

🟢 If Mitigated

Minor performance impact or failed wireless operations on specific channels if proper bounds checking is implemented.

🌐 Internet-Facing: LOW - This requires local access to trigger the vulnerability.
🏢 Internal Only: MEDIUM - Local users or processes can trigger the vulnerability, potentially causing system instability.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW - Triggering requires local access and wireless scanning on specific channel.

The vulnerability was discovered through UBSAN (Undefined Behavior Sanitizer) testing, suggesting it may not be actively exploited in the wild.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Linux kernel versions with fixes from the provided git commits

Vendor Advisory: https://git.kernel.org/stable/c/2ff25985ea9ccc6c9af2c77b0b49045adcc62e0e

Restart Required: Yes

Instructions:

1. Update Linux kernel to version containing the fix.
2. Rebuild kernel if using custom kernel.
3. Reboot system to load patched kernel.

🔧 Temporary Workarounds

Disable affected wireless interface

linux

Prevent use of the vulnerable rtw88 driver by disabling the wireless interface

sudo ip link set wlan0 down
sudo rfkill block wifi

Blacklist rtw88 module

linux

Prevent loading of the vulnerable driver module

echo 'blacklist rtw88_core' | sudo tee /etc/modprobe.d/blacklist-rtw88.conf
sudo update-initramfs -u
sudo reboot

🧯 If You Can't Patch

  • Restrict wireless scanning capabilities to prevent triggering the vulnerability
  • Use alternative wireless hardware or drivers if available

🔍 How to Verify

Check if Vulnerable:

Check kernel version and if rtw88 module is loaded: 'uname -r' and 'lsmod | grep rtw88'

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version is updated beyond vulnerable range and check for presence of fix commits in kernel source

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic logs
  • UBSAN array-index-out-of-bounds warnings
  • Wireless driver crash messages

Network Indicators:

  • Unexpected wireless interface disconnections
  • Failed scan operations on channel 14

SIEM Query:

kernel: "array-index-out-of-bounds" OR ("rtw88" AND ("panic" OR "Oops"))
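
For hosts without a SIEM, the UBSAN log indicator listed above can be checked directly against kernel log text. This is an added example, not from the advisory or the kernel project: the function name, the sample log lines and the `EXAMPLE.c` path are constructed, and it assumes the UBSAN report's source location contains `rtw88`.

```shell
#!/bin/sh
# Added example: report UBSAN array-index-out-of-bounds entries located in rtw88.

# Constructed sample kernel log (timestamps, PIDs and EXAMPLE.c are made up).
sample_log() {
cat <<'EOF'
[  101.200000] wlan0: scan started
[  131.500000] UBSAN: array-index-out-of-bounds in drivers/net/wireless/realtek/rtw88/EXAMPLE.c:100:20
[  131.500010] index 5 is out of range for type 'u8 [5]'
[  131.500020] CPU: 1 PID: 900 Comm: kworker/u8:1 Not tainted
[  140.000000] UBSAN: array-index-out-of-bounds in drivers/gpu/example/foo.c:10:5
[  140.000010] index 9 is out of range for type 'int [4]'
[  150.000000] wlan0: scan finished
EOF
}

# Reads kernel log text on stdin (e.g. from `dmesg` or `journalctl -k`).
# Prints one line per matching report:
#   <file:line:col> index=<n> type=<array type>
rtw88_ubsan_hits() {
    awk '
        # Header line: names the check and ends with file:line:col.
        /UBSAN: array-index-out-of-bounds in / {
            loc = $NF
            pending = (loc ~ /rtw88/)   # only track reports inside rtw88
            next
        }
        # Detail line directly after a tracked header.
        pending && /index -?[0-9]+ is out of range for type/ {
            match($0, /index -?[0-9]+/)
            idx = substr($0, RSTART + 6, RLENGTH - 6)
            split($0, q, "\047")        # array type sits between single quotes
            printf "%s index=%s type=%s\n", loc, idx, q[2]
            pending = 0
            next
        }
        # Any other line ends the association with the last header.
        { pending = 0 }
    '
}

# Stand-alone run on the constructed sample.
sample_log | rtw88_ubsan_hits
```

On a live system, pipe `dmesg` or `journalctl -k` into `rtw88_ubsan_hits`; no output means no matching report is in the log.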
