CVE-2021-37159

CVSS v3.1 6.4 (Medium)

CVSS v2.0 4.4 (Medium)

EPSS 0.13 % (49^th)

Affected Products 5

Advisories 35

hso_free_net_device in drivers/net/usb/hso.c in the Linux kernel through 5.13.4 calls unregister_netdev without checking for the NETREG_REGISTERED state, leading to a use-after-free and a double free.

Weaknesses

CWE-415: Double Free
CWE-416: Use After Free

CVE Status: PUBLISHED
CNA: MITRE
Published Date: 2021-07-21 15:16:20
(3 years ago)
Updated Date: 2024-03-25 01:15:51
(5 months ago)

Affected Products

Debian

Debian Linux

Linux

Linux Kernel

Oracle

Configuration #1

		CPE23	From	Up To
	Linux Kernel 5.13.4 and prior versions	cpe:2.3:o:linux:linux_kernel		<= 5.13.4

Configuration #2

		CPE23	From	Up To
	Debian Linux 9.0	cpe:2.3:o:debian:debian_linux:9.0

Configuration #3

		CPE23	From	Up To
	Oracle Communications Cloud Native Core Binding Support Function 22.1.3	cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.1.3
	Oracle Communications Cloud Native Core Network Exposure Function 22.1.1	cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.1.1
	Oracle Communications Cloud Native Core Policy 22.2.0	cpe:2.3:a:oracle:communications_cloud_native_core_policy:22.2.0