CVE-2021-46905

NameCVE-2021-46905
DescriptionIn the Linux kernel, the following vulnerability has been resolved: net: hso: fix NULL-deref on disconnect regression Commit 8a12f8836145 ("net: hso: fix null-ptr-deref during tty device unregistration") fixed the racy minor allocation reported by syzbot, but introduced an unconditional NULL-pointer dereference on every disconnect instead. Specifically, the serial device table must no longer be accessed after the minor has been released by hso_serial_tty_unregister().
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
linux (PTS)buster4.19.249-2fixed
buster (security)4.19.304-1fixed
bullseye5.10.209-2fixed
bullseye (security)5.10.216-1fixed
bookworm6.1.76-1fixed
bookworm (security)6.1.90-1fixed
sid, trixie6.7.12-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
linuxsource(unstable)(not affected)

Notes

- linux <not-affected> (No Debian released version vulnerable))
https://git.kernel.org/linus/2ad5692db72874f02b9ad551d26345437ea4f7f3 (5.13-rc1)
Search for package or bug name: Reporting problems