CVE-2021-46905

CVSS v3.1 5.5 (Medium)

EPSS 0.04 % (5^th)

Affected Products 1

Advisories 9

NVD Status Analyzed

In the Linux kernel, the following vulnerability has been resolved:

net: hso: fix NULL-deref on disconnect regression

Commit 8a12f8836145 ("net: hso: fix null-ptr-deref during tty device
unregistration") fixed the racy minor allocation reported by syzbot, but
introduced an unconditional NULL-pointer dereference on every disconnect
instead.

Specifically, the serial device table must no longer be accessed after
the minor has been released by hso_serial_tty_unregister().

Weaknesses

CWE-476: NULL Pointer Dereference

CVE Status: PUBLISHED
NVD Status: Analyzed
CNA: kernel.org
Published Date: 2024-02-26 16:27:45
(6 months ago)
Updated Date: 2024-04-17 19:30:05
(5 months ago)

Affected Products

Linux

Linux Kernel

Configuration #1

	CPE23	From	Up To
Linux Kernel prior 4.19.189 version	cpe:2.3:o:linux:linux_kernel		< 4.19.189
Linux Kernel from 4.20.0 version and prior 5.4.115 version	cpe:2.3:o:linux:linux_kernel	>= 4.20.0	< 5.4.115
Linux Kernel from 5.5.0 version and prior 5.10.33 version	cpe:2.3:o:linux:linux_kernel	>= 5.5.0	< 5.10.33
Linux Kernel from 5.11.0 version and prior 5.11.17 version	cpe:2.3:o:linux:linux_kernel	>= 5.11.0	< 5.11.17
Linux Kernel 5.12	cpe:2.3:o:linux:linux_kernel:5.12:-
Linux Kernel 5.12 Rc1	cpe:2.3:o:linux:linux_kernel:5.12:rc1
Linux Kernel 5.12 Rc2	cpe:2.3:o:linux:linux_kernel:5.12:rc2
Linux Kernel 5.12 Rc3	cpe:2.3:o:linux:linux_kernel:5.12:rc3
Linux Kernel 5.12 Rc4	cpe:2.3:o:linux:linux_kernel:5.12:rc4
Linux Kernel 5.12 Rc5	cpe:2.3:o:linux:linux_kernel:5.12:rc5
Linux Kernel 5.12 Rc6	cpe:2.3:o:linux:linux_kernel:5.12:rc6
Linux Kernel 5.12 Rc7	cpe:2.3:o:linux:linux_kernel:5.12:rc7