Details of VAR-202208-0853

ID

VAR-202208-0853

CVE

CVE-2021-26950

TITLE

Out-of-bounds read vulnerability in multiple Intel products

Trust: 0.8

sources: JVNDB: JVNDB-2021-020181

DESCRIPTION

Out of bounds read in firmware for some Intel(R) Wireless Bluetooth(R) and Killer(TM) Bluetooth(R) products before version 22.120 may allow an authenticated user to potentially enable denial of service via local access. wi-fi 6 ax411 firmware, wi-fi 6 ax211 firmware, wi-fi 6 ax210 Multiple Intel products, including firmware, contain out-of-bounds read vulnerabilities.Service operation interruption (DoS) It may be in a state

Trust: 1.62

sources: NVD: CVE-2021-26950 // JVNDB: JVNDB-2021-020181

IOT TAXONOMY

category:

['network device']

sub_category:

bluetooth device

Trust: 0.1

sources: OTHER: None

AFFECTED PRODUCTS

vendor:	intel	model:	dual band wireless-ac 3165	scope:	lt	version:	22.120	Trust: 1.0
vendor:	intel	model:	killer wireless-ac 1550	scope:	lt	version:	22.120	Trust: 1.0
vendor:	intel	model:	dual band wireless-ac 8260	scope:	lt	version:	22.120	Trust: 1.0
vendor:	intel	model:	wi-fi 6 ax210	scope:	lt	version:	22.120	Trust: 1.0
vendor:	intel	model:	wi-fi 6 ax201	scope:	lt	version:	22.120	Trust: 1.0
vendor:	intel	model:	wireless-ac 9560	scope:	lt	version:	22.120	Trust: 1.0
vendor:	intel	model:	killer wi-fi 6 ax1650	scope:	lt	version:	22.120	Trust: 1.0
vendor:	intel	model:	killer wi-fi 6e ax1675	scope:	lt	version:	22.120	Trust: 1.0
vendor:	intel	model:	wi-fi 6 ax211	scope:	lt	version:	22.120	Trust: 1.0
vendor:	intel	model:	wi-fi 6 ax411	scope:	lt	version:	22.120	Trust: 1.0
vendor:	intel	model:	wireless-ac 9260	scope:	lt	version:	22.120	Trust: 1.0
vendor:	intel	model:	wireless 7265	scope:	lt	version:	22.120	Trust: 1.0
vendor:	intel	model:	wireless-ac 9461	scope:	lt	version:	22.120	Trust: 1.0
vendor:	intel	model:	wi-fi 6 ax200	scope:	lt	version:	22.120	Trust: 1.0
vendor:	intel	model:	killer wi-fi 6e ax1690	scope:	lt	version:	22.120	Trust: 1.0
vendor:	intel	model:	dual band wireless-ac 3168	scope:	lt	version:	22.120	Trust: 1.0
vendor:	intel	model:	wireless-ac 9462	scope:	lt	version:	22.120	Trust: 1.0
vendor:	intel	model:	dual band wireless-ac 8265	scope:	lt	version:	22.120	Trust: 1.0
vendor:	インテル	model:	dual band wireless-ac 8260	scope:	-	version:	-	Trust: 0.8
vendor:	インテル	model:	killer wi-fi 6e ax1675	scope:	-	version:	-	Trust: 0.8
vendor:	インテル	model:	dual band wireless-ac 3165	scope:	-	version:	-	Trust: 0.8
vendor:	インテル	model:	killer wi-fi 6 ax1650	scope:	-	version:	-	Trust: 0.8
vendor:	インテル	model:	wireless-ac 9462	scope:	-	version:	-	Trust: 0.8
vendor:	インテル	model:	wireless-ac 9461	scope:	-	version:	-	Trust: 0.8
vendor:	インテル	model:	wireless-ac 9560	scope:	-	version:	-	Trust: 0.8
vendor:	インテル	model:	intel wi-fi 6 ax201	scope:	-	version:	-	Trust: 0.8
vendor:	インテル	model:	wireless 7265	scope:	-	version:	-	Trust: 0.8
vendor:	インテル	model:	dual band wireless-ac 3168	scope:	-	version:	-	Trust: 0.8
vendor:	インテル	model:	dual band wireless-ac 8265	scope:	-	version:	-	Trust: 0.8
vendor:	インテル	model:	wi-fi 6 ax210	scope:	-	version:	-	Trust: 0.8
vendor:	インテル	model:	intel wi-fi 6 ax200	scope:	-	version:	-	Trust: 0.8
vendor:	インテル	model:	wi-fi 6 ax211	scope:	-	version:	-	Trust: 0.8
vendor:	インテル	model:	wi-fi 6 ax411	scope:	-	version:	-	Trust: 0.8
vendor:	インテル	model:	killer wireless-ac 1550	scope:	-	version:	-	Trust: 0.8
vendor:	インテル	model:	killer wi-fi 6e ax1690	scope:	-	version:	-	Trust: 0.8
vendor:	インテル	model:	wireless-ac 9260	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-020181 // NVD: CVE-2021-26950

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-26950
value:	MEDIUM
Trust: 1.0
134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2021-26950
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2021-26950
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202208-2682
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2021-26950
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	3.6
version:	3.1
Trust: 2.0
NVD:	CVE-2021-26950
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2021-020181 // CNNVD: CNNVD-202208-2682 // NVD: CVE-2021-26950 // NVD: CVE-2021-26950

PROBLEMTYPE DATA

problemtype:	CWE-125	Trust: 1.0
problemtype:	Out-of-bounds read (CWE-125) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-020181 // NVD: CVE-2021-26950

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202208-2682

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202208-2682

PATCH

title:

Intel Wireless Bluetooth Buffer error vulnerability fix

url:

http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=205049

Trust: 0.6

sources: CNNVD: CNNVD-202208-2682

EXTERNAL IDS

db:	NVD	id:	CVE-2021-26950	Trust: 3.3
db:	JVN	id:	JVNVU99494206	Trust: 0.8
db:	JVNDB	id:	JVNDB-2021-020181	Trust: 0.8
db:	AUSCERT	id:	ESB-2022.3961	Trust: 0.6
db:	CNNVD	id:	CNNVD-202208-2682	Trust: 0.6
db:	OTHER	id:	NONE	Trust: 0.1

sources: OTHER: None // JVNDB: JVNDB-2021-020181 // CNNVD: CNNVD-202208-2682 // NVD: CVE-2021-26950

REFERENCES

url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00628.html	Trust: 2.4
url:	https://jvn.jp/vu/jvnvu99494206/	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2021-26950	Trust: 0.8
url:	https://cxsecurity.com/cveshow/cve-2021-26950/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.3961	Trust: 0.6
url:	https://ieeexplore.ieee.org/abstract/document/10769424	Trust: 0.1

sources: OTHER: None // JVNDB: JVNDB-2021-020181 // CNNVD: CNNVD-202208-2682 // NVD: CVE-2021-26950

SOURCES

db:	OTHER	id:	-
db:	JVNDB	id:	JVNDB-2021-020181
db:	CNNVD	id:	CNNVD-202208-2682
db:	NVD	id:	CVE-2021-26950

LAST UPDATE DATE

2025-05-07T20:28:58.754000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2021-020181	date:	2023-09-25T08:47:00
db:	CNNVD	id:	CNNVD-202208-2682	date:	2022-08-22T00:00:00
db:	NVD	id:	CVE-2021-26950	date:	2025-05-05T17:17:03.397

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2021-020181	date:	2023-09-25T00:00:00
db:	CNNVD	id:	CNNVD-202208-2682	date:	2022-08-10T00:00:00
db:	NVD	id:	CVE-2021-26950	date:	2022-08-18T20:15:09.410