CVE-2021-46905

net: hso: fix NULL-deref on disconnect regression

Severity Score

5.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved: net: hso: fix NULL-deref on disconnect regression Commit 8a12f8836145 ("net: hso: fix null-ptr-deref during tty device
unregistration") fixed the racy minor allocation reported by syzbot, but
introduced an unconditional NULL-pointer dereference on every disconnect
instead. Specifically, the serial device table must no longer be accessed after
the minor has been released by hso_serial_tty_unregister().

En el kernel de Linux, se resolvió la siguiente vulnerabilidad: net: hso: corrige NULL-deref durante la regresión de desconexión. El Commit 8a12f8836145 ("net: hso: corrige null-ptr-deref durante la cancelación del registro del dispositivo tty") corrigió la asignación menor picante reportada por syzbot, pero en su lugar introdujo una desreferencia de puntero NULL incondicional en cada desconexión. Específicamente, ya no se debe acceder a la tabla de dispositivos serie después de que hso_serial_tty_unregister() haya liberado al menor.

A vulnerability was found in the Linux kernel. This flaw occurs due to an unconditional NULL-pointer dereference on every disconnect in the Linux kernel.

In the Linux kernel, the following vulnerability has been resolved: net: hso: fix NULL-deref on disconnect regression Commit 8a12f8836145 ("net: hso: fix null-ptr-deref during tty device unregistration") fixed the racy minor allocation reported by syzbot, but introduced an unconditional NULL-pointer dereference on every disconnect instead. Specifically, the serial device table must no longer be accessed after the minor has been released by hso_serial_tty_unregister().

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

Single

Confidentiality

None

Integrity

None

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-02-25 CVE Reserved
2024-02-25 CVE Published
2024-04-21 EPSS Updated
2024-12-19 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-476: NULL Pointer Dereference

CAPEC

References (16)

URL	Tag	Source
https://git.kernel.org/stable/c/92028d7a31e55d53e41cff679156b9432cffcb36	Vuln. Introduced
https://git.kernel.org/stable/c/4a2933c88399c0ebc738db39bbce3ae89786d723	Vuln. Introduced
https://git.kernel.org/stable/c/dc195928d7e4ec7b5cfc6cd10dc4c8d87a7c72ac	Vuln. Introduced
https://git.kernel.org/stable/c/388d05f70f1ee0cac4a2068fd295072f1a44152a	Vuln. Introduced
https://git.kernel.org/stable/c/8a12f8836145ffe37e9c8733dce18c22fb668b66	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/5c17cfe155d21954b4c7e2a78fa771cebcd86725	2021-04-28
https://git.kernel.org/stable/c/d7fad2ce15bdbbd0fec3ebe999fd7cab2267f53e	2021-04-28
https://git.kernel.org/stable/c/90642ee9eb581a13569b1c0bd57e85d962215273	2021-04-28
https://git.kernel.org/stable/c/0f000005da31f6947f843ce6b3e3a960540c6e00	2021-04-28
https://git.kernel.org/stable/c/41c44e1f3112d7265dae522c026399b2a42d19ef	2021-05-02
https://git.kernel.org/stable/c/2ad5692db72874f02b9ad551d26345437ea4f7f3	2021-04-26
https://git.kernel.org/stable/c/5871761c5f0f20d6e98bf3b6bd7486d857589554	2021-04-28
https://git.kernel.org/stable/c/0c71d4c89559f72cec2592d078681a843bce570e	2021-04-28
https://git.kernel.org/stable/c/24b699bea7553fc0b98dad9d864befb6005ac7f1	2021-04-28

URL	Date	SRC
https://access.redhat.com/security/cve/CVE-2021-46905	2021-11-09
https://bugzilla.redhat.com/show_bug.cgi?id=2266253	2021-11-09

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.19.187 < 4.19.189 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.19.187 < 4.19.189"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.4.112 < 5.4.115 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.4.112 < 5.4.115"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.10.30 < 5.10.33 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.10.30 < 5.10.33"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.11.14 < 5.11.17 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.11.14 < 5.11.17"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.12 < 5.12.1 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.12 < 5.12.1"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.12 < 5.13 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.12 < 5.13"		en		Affected