CVE-2021-47028 in Linuxinfo

Summary

by MITRE • 02/28/2024

In the Linux kernel, the following vulnerability has been resolved:

mt76: mt7915: fix txrate reporting

Properly check rate_info to fix unexpected reporting.

[ 1215.161863] Call trace:
[ 1215.164307] cfg80211_calculate_bitrate+0x124/0x200 [cfg80211]
[ 1215.170139] ieee80211s_update_metric+0x80/0xc0 [mac80211]
[ 1215.175624] ieee80211_tx_status_ext+0x508/0x838 [mac80211]
[ 1215.181190] mt7915_mcu_get_rx_rate+0x28c/0x8d0 [mt7915e]
[ 1215.186580] mt7915_mac_tx_free+0x324/0x7c0 [mt7915e]
[ 1215.191623] mt7915_queue_rx_skb+0xa8/0xd0 [mt7915e]
[ 1215.196582] mt76_dma_cleanup+0x7b0/0x11d0 [mt76]
[ 1215.201276] __napi_poll+0x38/0xf8
[ 1215.204668] napi_workfn+0x40/0x80
[ 1215.208062] process_one_work+0x1fc/0x390
[ 1215.212062] worker_thread+0x48/0x4d0
[ 1215.215715] kthread+0x120/0x128
[ 1215.218935] ret_from_fork+0x10/0x1c

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Analysis

by VulDB Data Team • 12/06/2024

The vulnerability identified as CVE-2021-47028 affects the Linux kernel's wireless subsystem, specifically within the mt7915 driver implementation for MediaTek wireless network adapters. This issue manifests as improper handling of transmission rate information during wireless packet processing, creating a potential pathway for incorrect bitrate calculations that could impact network performance and reliability. The flaw exists within the mt76 wireless driver framework which serves as a common base for various MediaTek wireless chipsets including the mt7915 model. The vulnerability stems from inadequate validation of rate_info structures when processing received wireless frames, particularly in the context of 802.11s mesh networking operations where metric calculations are critical for routing decisions.

The technical implementation flaw occurs during the processing of wireless transmission status updates where the driver fails to properly validate rate_info parameters before using them in bitrate calculations. This improper validation leads to unexpected behavior in the cfg80211 subsystem's bitrate calculation functions, specifically in the cfg80211_calculate_bitrate function that is invoked through the wireless networking stack. The call trace demonstrates a clear path through the mac80211 subsystem where ieee80211s_update_metric processes mesh network metrics, followed by ieee80211_tx_status_ext handling transmission status updates, ultimately reaching the mt7915_mcu_get_rx_rate function that contains the vulnerable code path. This represents a classic case of inadequate input validation where malformed or unexpected rate information can cause the system to compute incorrect transmission rates.

The operational impact of this vulnerability extends beyond simple performance degradation to potentially affect network stability and security. When transmission rate reporting becomes inaccurate, mesh network routing decisions based on these metrics may become suboptimal or incorrect, leading to reduced network throughput, increased latency, or even network partitioning in severe cases. From a security perspective, while this vulnerability does not appear to enable direct privilege escalation or arbitrary code execution, it could potentially be leveraged in combination with other vulnerabilities to create more significant security impacts. The issue affects wireless network adapters that utilize the MediaTek mt7915 chipset, which are commonly found in enterprise and consumer networking equipment, making this vulnerability relevant to a broad range of network infrastructure deployments.

Mitigation strategies for CVE-2021-47028 should focus on applying the official kernel patches that properly validate rate_info structures before processing transmission rate information. Network administrators should prioritize updating their Linux kernel versions to include the fix, particularly in environments where MediaTek wireless adapters are deployed. The fix involves implementing proper bounds checking and validation of rate_info parameters within the mt7915 driver's rate reporting functions, specifically addressing the gap in the mt7915_mcu_get_rx_rate function. Organizations should also consider monitoring wireless network performance metrics for unusual rate fluctuations that might indicate the vulnerability's impact, as these could manifest as intermittent connectivity issues or unexpected network behavior. Additionally, implementing network segmentation and monitoring solutions can help detect abnormal wireless traffic patterns that might result from this vulnerability's exploitation. The vulnerability aligns with CWE-20, "Improper Input Validation," and could potentially map to ATT&CK techniques involving network performance degradation or wireless network reconnaissance activities that exploit weak transmission rate reporting mechanisms in wireless infrastructure.

Reservation

02/27/2024

Disclosure

02/28/2024

Moderation

accepted

CPE

ready

EPSS

0.00245

KEV

no

Activities

very low

Sources

Interested in the pricing of exploits?

See the underground prices here!