Vulnerability Name:

CVE-2021-27803 (CCN-197521)

Assigned:2021-02-25
Published:2021-02-25
Updated:2022-05-23
Summary:A vulnerability was discovered in how p2p/p2p_pd.c in wpa_supplicant before 2.10 processes P2P (Wi-Fi Direct) provision discovery requests. It could result in denial of service or other impact (potentially execution of arbitrary code), for an attacker within radio range.
CVSS v3 Severity:7.5 High (CVSS v3.1 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
6.5 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Adjacent
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
9.8 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
8.5 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
7.5 High (REDHAT CVSS v3.1 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
6.5 Medium (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Adjacent
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:5.4 Medium (CVSS v2 Vector: AV:A/AC:M/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Adjacent_Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
10.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-noinfo
CWE-416
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2021-27803

Source: MLIST
Type: Mailing List, Mitigation, Third Party Advisory
[oss-security] 20210227 Re: wpa_supplicant P2P provision discovery processing vulnerability

Source: XF
Type: UNKNOWN
w1fi-cve202127803-code-exec(197521)

Source: MLIST
Type: Mailing List, Third Party Advisory
[debian-lts-announce] 20210302 [SECURITY] [DLA 2581-1] wpa security update

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2021-99cad2b81f

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2021-3430f96019

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2021-9b00febe54

Source: CCN
Type: oss-sec Mailing List, Thu, 25 Feb 2021 21:03:50 +0200
wpa_supplicant P2P provision discovery processing vulnerability

Source: CCN
Type: oss-sec Mailing List, Sat, 27 Feb 2021 07:54:16 +0100
Re: wpa_supplicant P2P provision discovery processing vulnerability

Source: MISC
Type: Patch, Vendor Advisory
https://w1.fi/security/2021-1/0001-P2P-Fix-a-corner-case-in-peer-addition-based-on-PD-R.patch

Source: CCN
Type: W1.Fi Web site
wpa_supplicant P2P provision discovery processing vulnerability

Source: MISC
Type: Mitigation, Vendor Advisory
https://w1.fi/security/2021-1/wpa_supplicant-p2p-provision-discovery-processing-vulnerability.txt

Source: DEBIAN
Type: Third Party Advisory
DSA-4898

Source: MISC
Type: Mailing List, Mitigation, Third Party Advisory
https://www.openwall.com/lists/oss-security/2021/02/25/3

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2021-27803

Vulnerable Configuration:Configuration 1:
  • cpe:/a:w1.fi:wpa_supplicant:*:*:*:*:*:*:*:* (Version >= 1.0 and < 2.10)

    • Configuration 2:
  • cpe:/o:fedoraproject:fedora:32:*:*:*:*:*:*:*
  • OR cpe:/o:fedoraproject:fedora:33:*:*:*:*:*:*:*
  • OR cpe:/o:fedoraproject:fedora:34:*:*:*:*:*:*:*

    • Configuration 3:
  • cpe:/o:debian:debian_linux:9.0:*:*:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:10.0:*:*:*:*:*:*:*

    • Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:7:*:*:*:*:*:*:*

    • Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:7::client:*:*:*:*:*

    • Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:7::computenode:*:*:*:*:*

    • Configuration RedHat 4:
  • cpe:/o:redhat:enterprise_linux:7::server:*:*:*:*:*

    • Configuration RedHat 5:
  • cpe:/o:redhat:enterprise_linux:7::workstation:*:*:*:*:*

    • Configuration RedHat 6:
  • cpe:/o:redhat:enterprise_linux:8:*:*:*:*:*:*:*

    • Configuration RedHat 7:
  • cpe:/o:redhat:enterprise_linux:8::baseos:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:w1.fi:wpa_supplicant:2.9:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:7829
    P
    		wpa_supplicant-2.10-150500.1.3 on GA media (Moderate)
    2023-06-12
    oval:org.opensuse.security:def:3573
    P
    		libapr-util1-1.5.3-2.8.1 on GA media (Moderate)
    2022-06-28
    oval:org.opensuse.security:def:3222
    P
    		libopenssl-devel-1.0.2p-1.13 on GA media (Moderate)
    2022-06-28
    oval:org.opensuse.security:def:94685
    P
    		libpcre2-16-0-10.39-150400.2.3 on GA media (Moderate)
    2022-06-22
    oval:org.opensuse.security:def:94852
    P
    		wpa_supplicant-2.9-4.33.1 on GA media (Moderate)
    2022-06-22
    oval:org.opensuse.security:def:333
    P
    		wpa_supplicant-2.9-4.29.1 on GA media (Moderate)
    2022-06-13
    oval:org.opensuse.security:def:386
    P
    		wpa_supplicant-2.9-4.33.1 on GA media (Moderate)
    2022-06-10
    oval:org.opensuse.security:def:93170
    P
    		 (Moderate)
    2022-03-24
    oval:org.opensuse.security:def:93323
    P
    		 (Moderate)
    2022-03-04
    oval:org.opensuse.security:def:99213
    P
    		 (Moderate)
    2022-02-18
    oval:org.opensuse.security:def:113587
    P
    		wpa_supplicant-2.9-13.4 on GA media (Moderate)
    2022-01-17
    oval:org.opensuse.security:def:102225
    P
    		Security update for openssh (Important)
    2021-12-06
    oval:org.opensuse.security:def:106973
    P
    		wpa_supplicant-2.9-13.4 on GA media (Moderate)
    2021-10-01
    oval:org.opensuse.security:def:1262
    P
    		Security update for the Linux Kernel (Live Patch 0 for SLE 15 SP3) (Important)
    2021-09-16
    oval:org.opensuse.security:def:101398
    P
    		salt-api-3002.2-6.1 on GA media (Moderate)
    2021-08-10
    oval:org.opensuse.security:def:101109
    P
    		wpa_supplicant-2.9-4.29.1 on GA media (Moderate)
    2021-08-09
    oval:org.opensuse.security:def:72092
    P
    		wpa_supplicant-2.9-4.29.1 on GA media (Moderate)
    2021-08-09
    oval:org.opensuse.security:def:62351
    P
    		wpa_supplicant-2.9-4.29.1 on GA media (Moderate)
    2021-08-09
    oval:org.opensuse.security:def:111259
    P
    		Security update for wpa_supplicant (Important)
    2021-03-14
    oval:com.redhat.rhsa:def:20210809
    P
    		RHSA-2021:0809: wpa_supplicant security update (Important)
    2021-03-11
    oval:com.redhat.rhsa:def:20210808
    P
    		RHSA-2021:0808: wpa_supplicant security update (Important)
    2021-03-10
    oval:org.opensuse.security:def:30037
    P
    		Security update for wpa_supplicant (Important)
    2021-03-09
    oval:org.opensuse.security:def:59603
    P
    		Security update for wpa_supplicant (Important)
    2021-03-09
    oval:org.opensuse.security:def:88578
    P
    		Security update for wpa_supplicant (Important)
    2021-03-09
    oval:org.opensuse.security:def:54772
    P
    		Security update for wpa_supplicant (Important)
    2021-03-09
    oval:org.opensuse.security:def:84280
    P
    		Security update for wpa_supplicant (Important)
    2021-03-09
    oval:org.opensuse.security:def:127231
    P
    		Security update for wpa_supplicant (Important)
    2021-03-09
    oval:org.opensuse.security:def:33092
    P
    		Security update for wpa_supplicant (Important)
    2021-03-09
    oval:org.opensuse.security:def:24034
    P
    		Security update for wpa_supplicant (Important)
    2021-03-09
    oval:org.opensuse.security:def:57564
    P
    		Security update for wpa_supplicant (Important)
    2021-03-09
    oval:org.opensuse.security:def:86734
    P
    		Security update for wpa_supplicant (Important)
    2021-03-09
    oval:org.opensuse.security:def:51176
    P
    		Security update for wpa_supplicant (Important)
    2021-03-09
    oval:org.opensuse.security:def:82156
    P
    		Security update for wpa_supplicant (Important)
    2021-03-09
    oval:org.opensuse.security:def:31354
    P
    		Security update for wpa_supplicant (Important)
    2021-03-09
    oval:org.opensuse.security:def:59861
    P
    		Security update for wpa_supplicant (Important)
    2021-03-09
    oval:org.opensuse.security:def:89258
    P
    		Security update for wpa_supplicant (Important)
    2021-03-09
    oval:org.opensuse.security:def:21422
    P
    		Security update for wpa_supplicant (Important)
    2021-03-09
    oval:org.opensuse.security:def:55305
    P
    		Security update for wpa_supplicant (Important)
    2021-03-09
    oval:org.opensuse.security:def:84738
    P
    		Security update for wpa_supplicant (Important)
    2021-03-09
    oval:org.opensuse.security:def:33780
    P
    		Security update for wpa_supplicant (Important)
    2021-03-09
    oval:org.opensuse.security:def:28949
    P
    		Security update for wpa_supplicant (Important)
    2021-03-09
    oval:org.opensuse.security:def:58093
    P
    		Security update for wpa_supplicant (Important)
    2021-03-09
    oval:org.opensuse.security:def:87556
    P
    		Security update for wpa_supplicant (Important)
    2021-03-09
    oval:org.opensuse.security:def:51745
    P
    		Security update for wpa_supplicant (Important)
    2021-03-09
    oval:org.opensuse.security:def:82689
    P
    		Security update for wpa_supplicant (Important)
    2021-03-09
    oval:org.opensuse.security:def:125667
    P
    		Security update for wpa_supplicant (Important)
    2021-03-09
    oval:org.opensuse.security:def:31741
    P
    		Security update for wpa_supplicant (Important)
    2021-03-09
    oval:org.opensuse.security:def:89516
    P
    		Security update for wpa_supplicant (Important)
    2021-03-09
    oval:org.opensuse.security:def:23188
    P
    		Security update for wpa_supplicant (Important)
    2021-03-09
    oval:org.opensuse.security:def:55860
    P
    		Security update for wpa_supplicant (Important)
    2021-03-09
    oval:org.opensuse.security:def:85818
    P
    		Security update for wpa_supplicant (Important)
    2021-03-09
    oval:org.opensuse.security:def:34038
    P
    		Security update for wpa_supplicant (Important)
    2021-03-09
    oval:org.opensuse.security:def:29482
    P
    		Security update for wpa_supplicant (Important)
    2021-03-09
    oval:org.opensuse.security:def:58915
    P
    		Security update for wpa_supplicant (Important)
    2021-03-09
    oval:org.opensuse.security:def:88261
    P
    		Security update for wpa_supplicant (Important)
    2021-03-09
    oval:org.opensuse.security:def:52022
    P
    		Security update for wpa_supplicant (Important)
    2021-03-09
    oval:org.opensuse.security:def:83244
    P
    		Security update for wpa_supplicant (Important)
    2021-03-09
    oval:org.opensuse.security:def:126834
    P
    		Security update for wpa_supplicant (Important)
    2021-03-09
    oval:org.opensuse.security:def:32270
    P
    		Security update for wpa_supplicant (Important)
    2021-03-09
    oval:org.opensuse.security:def:23757
    P
    		Security update for wpa_supplicant (Important)
    2021-03-09
    oval:org.opensuse.security:def:57177
    P
    		Security update for wpa_supplicant (Important)
    2021-03-09
    oval:org.opensuse.security:def:86205
    P
    		Security update for wpa_supplicant (Important)
    2021-03-09
    oval:org.opensuse.security:def:81116
    P
    		Security update for wpa_supplicant (Important)
    2021-03-09
    oval:org.opensuse.security:def:34647
    P
    		Security update for wpa_supplicant (Important)
    2021-03-08
    oval:org.opensuse.security:def:69800
    P
    		Security update for wpa_supplicant (Important)
    2021-03-08
    oval:org.opensuse.security:def:99808
    P
    		Security update for wpa_supplicant (Important)
    2021-03-08
    oval:org.opensuse.security:def:108891
    P
    		Security update for wpa_supplicant (Important)
    2021-03-08
    oval:org.opensuse.security:def:10410
    P
    		Security update for wpa_supplicant (Important)
    2021-03-08
    oval:org.opensuse.security:def:8713
    P
    		Security update for wpa_supplicant (Important)
    2021-03-08
    oval:org.opensuse.security:def:92068
    P
    		Security update for wpa_supplicant (Important)
    2021-03-08
    oval:org.opensuse.security:def:64662
    P
    		Security update for wpa_supplicant (Important)
    2021-03-08
    oval:org.opensuse.security:def:9660
    P
    		Security update for wpa_supplicant (Important)
    2021-03-08
    oval:org.opensuse.security:def:92858
    P
    		Security update for wpa_supplicant (Important)
    2021-03-08
    oval:org.opensuse.security:def:117578
    P
    		Security update for wpa_supplicant (Important)
    2021-03-08
    oval:org.opensuse.security:def:69999
    P
    		Security update for wpa_supplicant (Important)
    2021-03-08
    oval:org.opensuse.security:def:100120
    P
    		Security update for wpa_supplicant (Important)
    2021-03-08
    oval:org.opensuse.security:def:8907
    P
    		Security update for wpa_supplicant (Important)
    2021-03-08
    oval:org.opensuse.security:def:92263
    P
    		Security update for wpa_supplicant (Important)
    2021-03-08
    oval:org.opensuse.security:def:67053
    P
    		Security update for wpa_supplicant (Important)
    2021-03-08
    oval:org.opensuse.security:def:99410
    P
    		Security update for wpa_supplicant (Important)
    2021-03-08
    oval:org.opensuse.security:def:9859
    P
    		Security update for wpa_supplicant (Important)
    2021-03-08
    oval:org.opensuse.security:def:93017
    P
    		Security update for wpa_supplicant (Important)
    2021-03-08
    oval:org.opensuse.security:def:70356
    P
    		Security update for wpa_supplicant (Important)
    2021-03-08
    oval:org.opensuse.security:def:60470
    P
    		Security update for wpa_supplicant (Important)
    2021-03-08
    oval:org.opensuse.security:def:97270
    P
    		Security update for wpa_supplicant (Important)
    2021-03-08
    oval:org.opensuse.security:def:73784
    P
    		Security update for wpa_supplicant (Important)
    2021-03-08
    oval:org.opensuse.security:def:95512
    P
    		Security update for wpa_supplicant (Important)
    2021-03-08
    oval:org.opensuse.security:def:9102
    P
    		Security update for wpa_supplicant (Important)
    2021-03-08
    oval:org.opensuse.security:def:92460
    P
    		Security update for wpa_supplicant (Important)
    2021-03-08
    oval:org.opensuse.security:def:69602
    P
    		Security update for wpa_supplicant (Important)
    2021-03-08
    oval:org.opensuse.security:def:99609
    P
    		Security update for wpa_supplicant (Important)
    2021-03-08
    oval:org.opensuse.security:def:108064
    P
    		Security update for wpa_supplicant (Important)
    2021-03-08
    oval:org.opensuse.security:def:10216
    P
    		Security update for wpa_supplicant (Important)
    2021-03-08
    oval:org.opensuse.security:def:5964
    P
    		Security update for wpa_supplicant (Important)
    2021-03-08
    oval:org.opensuse.security:def:70550
    P
    		Security update for wpa_supplicant (Important)
    2021-03-08
    oval:org.opensuse.security:def:99018
    P
    		Security update for wpa_supplicant (Important)
    2021-03-08
    oval:org.opensuse.security:def:76121
    P
    		Security update for wpa_supplicant (Important)
    2021-03-08
    oval:org.opensuse.security:def:9462
    P
    		Security update for wpa_supplicant (Important)
    2021-03-08
    oval:org.opensuse.security:def:92659
    P
    		Security update for wpa_supplicant (Important)
    2021-03-08
    BACK
    w1.fi wpa supplicant *
    fedoraproject fedora 32
    fedoraproject fedora 33
    fedoraproject fedora 34
    debian debian linux 9.0
    debian debian linux 10.0
    w1.fi wpa supplicant 2.9