Lucene search

K
ubuntucveUbuntu.comUB:CVE-2021-46904
HistoryFeb 26, 2024 - 12:00 a.m.

CVE-2021-46904

2024-02-2600:00:00
ubuntu.com
ubuntu.com
8
linux kernel
hso driver
vulnerability
null-ptr-deref
tty device

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

6.8 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

In the Linux kernel, the following vulnerability has been resolved: net:
hso: fix null-ptr-deref during tty device unregistration Multiple ttys try
to claim the same the minor number causing a double unregistration of the
same device. The first unregistration succeeds but the next one results in
a null-ptr-deref. The get_free_serial_index() function returns an available
minor number but doesn’t assign it immediately. The assignment is done by
the caller later. But before this assignment, calls to
get_free_serial_index() would return the same minor number. Fix this by
modifying get_free_serial_index to assign the minor number immediately
after one is found to be and rename it to obtain_minor() to better reflect
what it does. Similary, rename set_serial_by_index() to release_minor() and
modify it to free up the minor number of the given hso_serial. Every
obtain_minor() should have corresponding release_minor() call.

Notes

Author Note
rodrigo-zaiden fix for this issue caused a regression, registered in CVE-2021-46905. maybe it could be just one CVE as the issue seems to remain the same.

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

6.8 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%