First published: Tue Apr 06 2021
A NULL pointer dereference flaw was found in the Linux kernel’s IEEE 802.15.4 wireless networking subsystem in the way the user closes the LR-WPAN connection. This flaw allows a local user to crash the system. The highest threat from this vulnerability is to system availability.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/kernel-rt | <0:4.18.0-348.rt7.130.el8 | 0:4.18.0-348.rt7.130.el8 |
redhat/kernel | <0:4.18.0-348.el8 | 0:4.18.0-348.el8 |
redhat/Kernel | <5.12 | 5.12 |
Linux Kernel | <5.12 | |
Red Hat Fedora | =34 | |
Red Hat Enterprise Linux | =7.0 | |
Red Hat Enterprise Linux | =8.0 | |
Red Hat Enterprise Linux for IBM Z Systems | =8.0 | |
Red Hat Enterprise Linux for IBM Z Systems (s390x) | =8.6 | |
Red Hat Enterprise Linux for Power, little endian - Extended Update Support | =8.6 | |
Red Hat Enterprise Linux for Real Time | =8.0 | |
Red Hat Enterprise Linux for Real Time for NFV | =8.0 | |
Red Hat Enterprise Linux for Real Time for NFV | =8.6 | |
Red Hat Enterprise Linux for Real Time | =8.6 | |
Red Hat Enterprise Linux Server | =8.6 | |
All of | ||
Red Hat CodeReady Linux Builder | ||
Any of | ||
Red Hat Enterprise Linux | =8.0 | |
Red Hat Enterprise Linux Server EUS | =8.6 | |
Red Hat Enterprise Linux for Power, little endian | =8.0 | |
Red Hat Enterprise Linux for Power, little endian - Extended Update Support | =8.6 | |
All of | ||
Red Hat Virtualization Host EUS | =4.0 | |
Red Hat Enterprise Linux | =8.0 | |
debian/linux | 5.10.223-1 5.10.234-1 6.1.129-1 6.1.128-1 6.12.20-1 6.12.21-1 |
To mitigate this issue, prevent the module mac802154 from being loaded. Please see https://access.redhat.com/solutions/41278 for information on how to blacklist a kernel module to prevent it from loading automatically.
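One way to apply and verify this mitigation, as an added example that is not part of the original advisory or the linked Red Hat article: it uses the standard modprobe.d `blacklist` and `install` directives. The function names and the drop-in file name are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: block the mac802154 module and report mitigation status.
MODULE="mac802154"

# Write a modprobe.d drop-in. $1 = target directory (default /etc/modprobe.d).
# "blacklist" stops alias-based autoloading; "install ... /bin/false" also
# makes an explicit or dependency-driven "modprobe mac802154" fail.
write_blocklist() {
    dir="${1:-/etc/modprobe.d}"
    conf="$dir/disable-$MODULE.conf"   # hypothetical file name
    printf 'blacklist %s\ninstall %s /bin/false\n' "$MODULE" "$MODULE" \
        > "$conf" || return 1
    printf '%s\n' "$conf"
}

# Return 0 if any *.conf in $1 redirects loading of the module to
# /bin/false or /bin/true.
is_blocked() {
    dir="${1:-/etc/modprobe.d}"
    grep -Eqs "^[[:space:]]*install[[:space:]]+$MODULE[[:space:]]+/bin/(false|true)" \
        "$dir"/*.conf
}

# Return 0 if the module is currently loaded.
# $1 = module list in /proc/modules format (default /proc/modules).
is_loaded() {
    list="${1:-/proc/modules}"
    grep -q "^$MODULE " "$list" 2>/dev/null
}

# Print LOADED (module is in memory; unload it or reboot),
# BLOCKED (not loaded and cannot be loaded), or UNPROTECTED.
# $1 = modprobe.d directory, $2 = module list file; both optional.
mitigation_status() {
    if is_loaded "$2"; then
        echo "LOADED"
    elif is_blocked "$1"; then
        echo "BLOCKED"
    else
        echo "UNPROTECTED"
    fi
}

# Read-only check of the running host.
mitigation_status /etc/modprobe.d /proc/modules
```

Run `write_blocklist` as root to create the drop-in. A `LOADED` result means the module is already in memory, so the block only takes effect after it is unloaded or the system is rebooted.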
The severity of CVE-2021-3659 is high due to its impact on system availability.
To fix CVE-2021-3659, upgrade to the patched versions of the Linux kernel as specified by your distribution, such as kernel-rt 0:4.18.0-348.rt7.130.el8 or kernel 0:4.18.0-348.el8.
CVE-2021-3659 is caused by a NULL pointer dereference flaw in the IEEE 802.15.4 wireless networking subsystem of the Linux kernel.
CVE-2021-3659 affects several Linux distributions including Red Hat Enterprise Linux, Fedora, and Debian.
CVE-2021-3659 is a local vulnerability that requires local user access to the system to exploit.