LiveActive security incident?Get immediate response
CVE Record

CVE-2021-47611: mac80211: validate extended element ID is present

In the Linux kernel, the following vulnerability has been resolved: mac80211: validate extended element ID is present Before attempting to parse an extended element, verify that the extended element ID is present.

UnknownCVSS not scoredNot KEV-listedUpdated
Glexia's TakeAutomated analysisunknown

Security readout for executives and security teams

Plain-English summary

This is a Linux kernel mac80211 wireless parsing flaw. The fix adds a check that an extended element ID exists before parsing it. Business urgency is unclear because the source bundle provides no CVSS score, impact statement, or exploitation evidence.

Executive priority

Set priority after confirming Wi-Fi exposure and vendor patch status. Without exploitation evidence or severity data, this should be managed through normal kernel patch governance, with higher attention for Linux devices that rely on Wi-Fi.

Technical view

CVE-2021-47611 concerns missing validation in Linux mac80211 before parsing an extended element. The upstream resolution verifies the extended element ID is present. The bundle lists Linux kernel versions as affected and points to stable kernel commits, but does not state crash, privilege, data exposure, or remote-code impact.

Likely exposure

Exposure is most relevant to Linux systems using the mac80211 Wi-Fi stack. Kernel versions listed as affected include 4.19, 4.19.222, 5.4.168, 5.10.88, 5.15.11, and 5.16, though distro backports may change practical status.

Exploitation context

The source bundle does not cite active exploitation, and KEV is false. It also lacks exploitability details, CVSS, CWE, and impact language. Treat this as a kernel input-validation issue requiring asset validation, not as confirmed exploited activity.

Researcher notes

The useful technical signal is narrow: mac80211 now validates the extended element ID before parsing. The bundle does not identify the malformed input impact, reachable call path, or affected configurations beyond Linux kernel version data and stable commits.

Mitigation direction

  • Check your Linux distributor's advisory and kernel backport status for CVE-2021-47611.
  • Update affected systems to a vendor-supported kernel containing the mac80211 fix.
  • Prioritize Wi-Fi-enabled endpoints, appliances, and embedded Linux systems.
  • Track the referenced stable kernel commits when validating custom kernels.

Validation and detection

  • Inventory Linux kernel versions across Wi-Fi-capable assets.
  • Confirm whether kernels include one of the referenced stable fixes or a vendor backport.
  • Review distro security notes for corrected package versions and reboot requirements.
  • Verify mac80211 is relevant to the device's wireless stack before assigning urgency.
Prepared
Confidence
medium
Sources
7

Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.

Potential ATT&CK relevance

Conservative CVE-to-ATT&CK context

These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.

ATT&CK lookup starting points

Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.

cve · low confidence lookup

CVE-2021-47611 mapping review

Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.

Open ATT&CK lookup
Vulnerability profileCVE Program record
Severity
Unknown
CVSS
Not scored
Known Exploited
No
Published
Official CVE source material

CNA and ADP enrichment extracted from CVE v5

These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.

0CVSS vectors
3Timeline events
2ADP providers
6Source links

SSVC decision data

CISA-ADPCISA Coordinator
Timestamp
Version
2.0.3
Exploitation: noneAutomatable: noTechnical Impact: partial

Vulnerability timeline

Timeline events are normalized from CVE metadata, CNA source timelines, ADP timelines, and KEV metadata when present.

  1. CVE reservedCVE Program

    The CVE ID was reserved by the assigning CNA.

  2. CVE publishedCVE Program

    The CVE record was published.

  3. CVE updatedCVE Program

    The CVE record metadata indicates this as the latest update time.

ADP provider summaries

CISA-ADPCISA ADP Vulnrichment
other:ssvc
CVECVE Program Container
Affected products

Products and packages named in the record

VendorProductVersion / packageStatus
LinuxLinux41cbb0f5a29592874355e4159489eb08337cd50e, 41cbb0f5a29592874355e4159489eb08337cd50e, 41cbb0f5a29592874355e4159489eb08337cd50e, 41cbb0f5a29592874355e4159489eb08337cd50e, 41cbb0f5a29592874355e4159489eb08337cd50eunaffected
LinuxLinux4.19, 0, 4.19.222, 5.4.168, 5.10.88, 5.15.11, 5.16affected
Weakness

CWE details

No CWE listed

CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.