CVE-2021-47251
📋 TL;DR
This CVE describes a vulnerability in the Linux kernel's mac80211 wireless subsystem where improper length validation of scan response frames could trigger a kernel warning (WARN_ON) in cfg80211. The vulnerability affects Linux systems using wireless networking with mac80211 drivers. Attackers could potentially cause denial of service or system instability by sending specially crafted wireless frames.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Kernel panic or system crash leading to denial of service, potentially allowing further exploitation if combined with other vulnerabilities.
Likely Case
System instability, kernel warnings in logs, and potential denial of service for wireless functionality.
If Mitigated
Minor system logging of warnings with no significant operational impact.
🎯 Exploit Status
Exploitation requires wireless network access and knowledge of wireless frame crafting. No public exploit code is known.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Patches available in stable kernel trees (commits: 5a1cd67a801cf5ef989c4783e07b86a25b143126, d1b949c70206178b12027f66edc088d40375b5cb, e298aa358f0ca658406d524b6639fe389cb6e11e)
Vendor Advisory: https://git.kernel.org/stable/c/5a1cd67a801cf5ef989c4783e07b86a25b143126
Restart Required: Yes
Instructions:
1. Update Linux kernel to patched version from your distribution's repositories.
2. Reboot system to load new kernel.
3. Verify kernel version matches patched release.
🔧 Temporary Workarounds
Disable wireless scanning
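Prevent the wireless scanning that triggers the vulnerable code path. Upstream iw has no 'set scan' subcommand, so expect the command below to be rejected; if it is, use the interface-down workaround that follows.
iw dev wlan0 set scan off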
Disable wireless interface
Completely disable wireless networking to prevent exploitation
ip link set wlan0 down
🧯 If You Can't Patch
- Implement network segmentation to isolate wireless networks from critical systems
- Use wireless intrusion detection/prevention systems to monitor for malicious scan frames
🔍 How to Verify
Check if Vulnerable:
Check kernel version and compare with distribution's security advisories. Vulnerable if using unpatched kernel with wireless enabled.
Check Version:
uname -r
Verify Fix Applied:
Verify kernel version matches patched release from your distribution. Check dmesg for absence of related warnings.
📡 Detection & Monitoring
Log Indicators:
- Kernel warnings (WARN_ON) in dmesg related to cfg80211 or mac80211
- Unexpected wireless scan activity
Network Indicators:
- Malformed wireless management frames
- Excessive scan request/response traffic
SIEM Query:
source="kernel" AND ("WARN_ON" OR "cfg80211" OR "mac80211") AND "scan"
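The log indicator above, as an added example that is not part of the original advisory: a shell filter that picks out kernel warning splats raised from the cfg80211/mac80211 code. It matches the "WARNING: CPU: ... PID: ... at <file>:<line>" form that WARN_ON() actually writes to the log; the sample log lines, including their line numbers, PIDs and the ext4 function name, are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag kernel WARNING splats that originate in the wireless stack.
# WARN_ON() is logged as "WARNING: CPU: <n> PID: <n> at <file>:<line> <func>+0x...",
# so the filter keys on that form and on the source path, not on the text "WARN_ON".

# Constructed sample log (not captured from a real system).
sample_log() {
cat <<'EOF'
[  101.000001] wlan0: authenticate with 02:00:00:00:00:01
[  412.337120] ------------[ cut here ]------------
[  412.337131] WARNING: CPU: 1 PID: 733 at net/wireless/scan.c:2000 cfg80211_inform_bss_frame_data+0x1a2/0x4c0 [cfg80211]
[  412.337190] Modules linked in: mac80211 cfg80211
[  530.100000] WARNING: CPU: 0 PID: 12 at fs/ext4/inode.c:100 ext4_example+0x10/0x20
[  640.250000] WARNING: CPU: 2 PID: 733 at net/mac80211/scan.c:300 ieee80211_scan_rx+0x55/0x210 [mac80211]
EOF
}

# Read kernel log text on stdin; print "timestamp file:line function" for each
# warning whose source file lives under net/wireless/ or net/mac80211/.
wifi_warnings() {
  awk '
    /WARNING: CPU: [0-9]+ PID: [0-9]+ at net\/(wireless|mac80211)\// {
      ts = "-"; loc = ""; fn = ""
      # dmesg-style "[ seconds.usec]" prefix; absent in some journal formats
      if (match($0, /\[ *[0-9]+\.[0-9]+\]/)) {
        ts = substr($0, RSTART + 1, RLENGTH - 2)
        gsub(/ /, "", ts)
      }
      for (i = 1; i < NF; i++)
        if ($i == "at") { loc = $(i + 1); fn = $(i + 2); break }
      sub(/\+.*/, "", fn)   # drop the +0xoffset/0xsize suffix
      print ts, loc, fn
    }'
}

# Stand-alone run over the constructed sample.
sample_log | wifi_warnings
```

On a live host, feed it the real log instead, for example `dmesg | wifi_warnings`; lines without a bracketed timestamp are reported with "-" in the first column.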
🔗 References
- https://git.kernel.org/stable/c/5a1cd67a801cf5ef989c4783e07b86a25b143126
- https://git.kernel.org/stable/c/d1b949c70206178b12027f66edc088d40375b5cb
- https://git.kernel.org/stable/c/e298aa358f0ca658406d524b6639fe389cb6e11e