CVE-2021-3659
Advisory lineage Upstream: 0 Downstream: 24
Modified
Published: 22 Aug 2022, 14:49
Last modified: 03 Aug 2024, 17:01
Vulnerability Summary
Overall Risk (default)
low
22/100
CVSS Score
5.5 MEDIUM
v3.1 (nvd)
EPSS Score
0.12% LOW
0% probability +0.10%
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
22 Aug 2022, 14:49
Published
Vulnerability first disclosed
03 Aug 2024, 17:01
Last Modified
Vulnerability information updated
Description
A NULL pointer dereference flaw was found in the Linux kernel’s IEEE 802.15.4 wireless networking subsystem in the way the user closes the LR-WPAN connection. This flaw allows a local user to crash the system. The highest threat from this vulnerability is to system availability.
CVSS Metrics
- v3.1•MEDIUM•Score: 5.5•CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS Trends
Current EPSS score: 0.12%•Percentile: 31%
Techniques & Countermeasures
- CWE-476•NULL Pointer Dereference
The product dereferences a pointer that it expects to be valid but is NULL.
- CWE-252•Unchecked Return Value
The product does not check the return value from a method or function, which can prevent it from detecting unexpected states and conditions.
Affected Systems
- fedoraproject•fedora: 34
- linux•linux_kernel: < 5.12
- redhat•codeready_linux_builder: na
- redhat•enterprise_linux: 7.0 | 8.0
- redhat•enterprise_linux_for_ibm_z_systems: 8.0
- redhat•enterprise_linux_for_ibm_z_systems_eus: 8.6
- redhat•enterprise_linux_for_power_little_endian_eus: 8.6
- redhat•enterprise_linux_for_real_time: 8.0
- redhat•enterprise_linux_for_real_time_for_nfv: 8.0
- redhat•enterprise_linux_for_real_time_for_nfv_tus: 8.6
- redhat•enterprise_linux_for_real_time_tus: 8.6
- redhat•enterprise_linux_server_aus: 8.6
- redhat•enterprise_linux_server_eus: 8.6
- redhat•enterprise_linux_server_tus: 8.6
- redhat•virtualization_host: 4.0