SB20240711201 - Input validation error in Linux kernel mt76 mt7915 driver
Published: July 11, 2024 Updated: May 13, 2025
Security Bulletin ID
SB20240711201
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Input validation error (CVE-ID: CVE-2021-47028)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the mt7915_mcu_rx_radar_detected(), mt7915_mcu_tx_rate_parse() and mt7915_mcu_tx_rate_report() functions in drivers/net/wireless/mediatek/mt76/mt7915/mcu.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/dfc8a71448c7d4fec38fb22bdc8a76d79c14b6da
- https://git.kernel.org/stable/c/4bd926e5ca88eac4d95eacb806b229f8729bc62e
- https://git.kernel.org/stable/c/f43b941fd61003659a3f0e039595e5e525917aa8
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.11.21
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.12.4
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13