CVE-2020-36158

moderate-risk

Published 2021-01-05

mwifiex_cmd_802_11_ad_hoc_start in drivers/net/wireless/marvell/mwifiex/join.c in the Linux kernel through 5.10.4 might allow remote attackers to execute arbitrary code via a long SSID value, aka CID-5c455c5ab332.

Do I need to act?

0.58% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 8.8/10 High

ADJACENT_NETWORK / LOW complexity

Affected Products (6)

Linux Kernel

Fedora

Debian Linux

Cloud Backup

Solidfire Baseboard Management Controller Firmware

Affected Vendors

Debian Linux Fedoraproject Netapp

References (18)

Patch https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5c455...

Patch https://github.com/torvalds/linux/commit/5c455c5ab332773464d02ba17015acdca198f03...

Mailing List https://lists.debian.org/debian-lts-announce/2021/02/msg00018.html

Mailing List https://lists.debian.org/debian-lts-announce/2021/03/msg00010.html

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro...

https://lore.kernel.org/r/20201206084801.26479-1-ruc_zhangxiaohui%40163.com

https://patchwork.kernel.org/project/linux-wireless/patch/20201206084801.26479-1...

Third Party Advisory https://security.netapp.com/advisory/ntap-20210212-0002/

Third Party Advisory https://www.debian.org/security/2021/dsa-4843