CVE-2021-46905

In the Linux kernel, the following vulnerability has been resolved: net: hso: fix NULL-deref on disconnect regression Commit 8a12f8836145 ("net: hso: fix null-ptr-deref during tty device unregistration") fixed the racy minor allocation reported by syzbot, but introduced an unconditional NULL-pointer dereference on every disconnect instead. Specifically, the serial device table must no longer be accessed after the minor has been released by hso_serial_tty_unregister().

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/0c71d4c89559f72cec2592d078681a843bce570e	Patch
https://git.kernel.org/stable/c/0f000005da31f6947f843ce6b3e3a960540c6e00	Patch
https://git.kernel.org/stable/c/24b699bea7553fc0b98dad9d864befb6005ac7f1	Patch
https://git.kernel.org/stable/c/2ad5692db72874f02b9ad551d26345437ea4f7f3	Patch
https://git.kernel.org/stable/c/41c44e1f3112d7265dae522c026399b2a42d19ef	Patch
https://git.kernel.org/stable/c/5871761c5f0f20d6e98bf3b6bd7486d857589554	Patch
https://git.kernel.org/stable/c/5c17cfe155d21954b4c7e2a78fa771cebcd86725	Patch
https://git.kernel.org/stable/c/90642ee9eb581a13569b1c0bd57e85d962215273	Patch
https://git.kernel.org/stable/c/d7fad2ce15bdbbd0fec3ebe999fd7cab2267f53e	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:5.12:-::::::
	cpe:2.3:o:linux:linux_kernel:5.12:rc1::::::
	cpe:2.3:o:linux:linux_kernel:5.12:rc2::::::
	cpe:2.3:o:linux:linux_kernel:5.12:rc3::::::
	cpe:2.3:o:linux:linux_kernel:5.12:rc4::::::
	cpe:2.3:o:linux:linux_kernel:5.12:rc5::::::
	cpe:2.3:o:linux:linux_kernel:5.12:rc6::::::
	cpe:2.3:o:linux:linux_kernel:5.12:rc7::::::

History

No history.

Information

Published : 2024-02-26 16:27

Updated : 2024-04-17 19:30

NVD link : CVE-2021-46905

Mitre link : CVE-2021-46905

CVE.ORG link : CVE-2021-46905

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-476

NULL Pointer Dereference

{"id": "CVE-2021-46905", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2024-02-26T16:27:45.367", "references": [{"url": "https://git.kernel.org/stable/c/0c71d4c89559f72cec2592d078681a843bce570e", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/0f000005da31f6947f843ce6b3e3a960540c6e00", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/24b699bea7553fc0b98dad9d864befb6005ac7f1", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/2ad5692db72874f02b9ad551d26345437ea4f7f3", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/41c44e1f3112d7265dae522c026399b2a42d19ef", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/5871761c5f0f20d6e98bf3b6bd7486d857589554", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/5c17cfe155d21954b4c7e2a78fa771cebcd86725", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/90642ee9eb581a13569b1c0bd57e85d962215273", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/d7fad2ce15bdbbd0fec3ebe999fd7cab2267f53e", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-476"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: hso: fix NULL-deref on disconnect regression\n\nCommit 8a12f8836145 (\"net: hso: fix null-ptr-deref during tty device\nunregistration\") fixed the racy minor allocation reported by syzbot, but\nintroduced an unconditional NULL-pointer dereference on every disconnect\ninstead.\n\nSpecifically, the serial device table must no longer be accessed after\nthe minor has been released by hso_serial_tty_unregister()."}, {"lang": "es", "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: net: hso: corrige NULL-deref durante la regresi\u00f3n de desconexi\u00f3n. El Commit 8a12f8836145 (\"net: hso: corrige null-ptr-deref durante la cancelaci\u00f3n del registro del dispositivo tty\") corrigi\u00f3 la asignaci\u00f3n menor picante reportada por syzbot, pero en su lugar introdujo una desreferencia de puntero NULL incondicional en cada desconexi\u00f3n. Espec\u00edficamente, ya no se debe acceder a la tabla de dispositivos serie despu\u00e9s de que hso_serial_tty_unregister() haya liberado al menor."}], "lastModified": "2024-04-17T19:30:05.020", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4018ABCC-3436-498F-A06A-64578CF99BC5", "versionEndExcluding": "4.19.189"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CC57D065-3933-4083-BA07-817D4CBF8157", "versionEndExcluding": "5.4.115", "versionStartIncluding": "4.20.0"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "995EF7FE-8C8F-470B-8214-BC0C68B162C3", "versionEndExcluding": "5.10.33", "versionStartIncluding": "5.5.0"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6C74925C-5E45-4C6F-9E47-653DC5ACBE9E", "versionEndExcluding": "5.11.17", "versionStartIncluding": "5.11.0"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:5.12:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "75EB504D-4A83-4C67-9C8D-FD9C6C8EB4CD"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:5.12:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "07875739-0CCB-4F48-9330-3D4B6A4064FA"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:5.12:rc2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DA09B732-04F8-452C-94CF-97644E78684D"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:5.12:rc3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E5371152-7515-4908-BB7E-494805EA5DF2"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:5.12:rc4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D7788E5B-D54E-45BF-9043-2C7B77842FD0"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:5.12:rc5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A935F9F1-DA8B-49F4-BF2B-FA01A92F113E"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:5.12:rc6:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DF0AF673-12B7-4274-9090-411D4939CB62"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:5.12:rc7:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "06AE06A6-A0C3-4556-BFFA-3D6E4BAC43C8"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}