| The vulnerability, tracked as CVE-2021-47347, is a possible buffer overflow in the `wl1251_cmd_scan` function within the Linux kernel. Specifically, the function calls `memcpy` without checking the length of the data being copied, which can lead to a buffer overflow. |
| |
| To mitigate this issue, the kernel developers have added checks to ensure that the length of the data being copied is within the maximum allowed size. This fix has been backported to various Linux kernel versions, including 4.4.276, 4.9.276, 4.14.240, 4.19.198, 5.4.133, 5.10.51, 5.12.18, and 5.13.3. |
| |
| The affected file is `drivers/net/wireless/ti/wl1251/cmd.c`. The Linux kernel CVE team recommends updating to the latest stable kernel version to resolve this issue, because individual changes are never tested alone and cherry-picking individual commits is not supported by the Linux kernel community. If updating to the latest release is impossible, the individual changes can be found in the commits identified by the hashes provided. |
| |
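
The bug class and the fix described above, as an added user-space illustration (not the kernel driver's code): an unchecked `memcpy` into a fixed-size field beside the length-checked form. The struct, function names and the 32-byte field size are hypothetical and chosen only for the model.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define FIELD_MAX 32 /* assumed capacity of the fixed-size field */

/* Hypothetical stand-in for a command struct with a fixed-size field. */
struct cmd_model {
    uint8_t data[FIELD_MAX];
    uint8_t next[8]; /* neighbouring bytes an overflow would clobber */
};

/* Pattern the advisory describes: caller's length reaches memcpy unchecked. */
int fill_unchecked(struct cmd_model *cmd, const uint8_t *src, size_t len)
{
    memcpy(cmd->data, src, len); /* len > FIELD_MAX writes past data[] */
    return 0;
}

/* Hardened: refuse lengths above the destination size before copying. */
int fill_checked(struct cmd_model *cmd, const uint8_t *src, size_t len)
{
    if (len > sizeof(cmd->data))
        return -EINVAL;
    memcpy(cmd->data, src, len);
    return 0;
}

/* Returns 1 if an oversized request is refused and nothing was written. */
int oversized_is_rejected(void)
{
    struct cmd_model cmd;
    uint8_t big[FIELD_MAX + 8]; /* constructed oversized input */

    memset(&cmd, 0xAA, sizeof(cmd));
    memset(big, 0x41, sizeof(big));
    if (fill_checked(&cmd, big, sizeof(big)) != -EINVAL)
        return 0;
    for (size_t i = 0; i < sizeof(cmd.next); i++)
        if (cmd.next[i] != 0xAA)
            return 0;
    return cmd.data[0] == 0xAA;
}

int main(void)
{
    printf("oversized rejected: %d\n", oversized_is_rejected());
    return 0;
}
```

Comparing the length against `sizeof` of the destination field keeps the bound tied to the struct definition, so the check stays correct if the field size changes.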