Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntucveUbuntu.comUB:CVE-2021-46904
HistoryFeb 26, 2024 - 12:00 a.m.

CVE-2021-46904

2024-02-2600:00:00
ubuntu.com
ubuntu.com
8
linux kernel
hso driver
vulnerability
null-ptr-deref
tty device

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

6.8 Medium

AI Score

Confidence

High

1.7 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:S/C:N/I:N/A:P

0.0004 Low

EPSS

Percentile

5.2%

JSON

In the Linux kernel, the following vulnerability has been resolved: net:
hso: fix null-ptr-deref during tty device unregistration Multiple ttys try
to claim the same the minor number causing a double unregistration of the
same device. The first unregistration succeeds but the next one results in
a null-ptr-deref. The get_free_serial_index() function returns an available
minor number but doesn’t assign it immediately. The assignment is done by
the caller later. But before this assignment, calls to
get_free_serial_index() would return the same minor number. Fix this by
modifying get_free_serial_index to assign the minor number immediately
after one is found to be and rename it to obtain_minor() to better reflect
what it does. Similary, rename set_serial_by_index() to release_minor() and
modify it to free up the minor number of the given hso_serial. Every
obtain_minor() should have corresponding release_minor() call.

Notes

Author Note
rodrigo-zaiden fix for this issue caused a regression, registered in CVE-2021-46905. maybe it could be just one CVE as the issue seems to remain the same.

Related

ubuntucve 1
redhatcve 2
debiancve 2
prion 2
cve 2
nessus 5
amazon 1
openvas 1
ubuntucve
ubuntucve
CVE-2021-46905
2024-02-26 00:00:00
redhatcve
redhatcve
CVE-2021-46905
2024-02-27 11:32:19
CVE-2021-46904
2024-02-27 06:01:38
debiancve
debiancve
CVE-2021-46905
2024-02-26 16:27:45
CVE-2021-46904
2024-02-26 16:27:45
prion
prion
Spoofing
2024-02-26 16:27:00
Null pointer dereference
2024-02-26 16:27:00
cve
cve
CVE-2021-46905
2024-02-26 16:27:45
CVE-2021-46904
2024-02-26 16:27:45
nessus
nessus
Amazon Linux 2 : kernel (ALAS-2021-1636)
2021-05-24 00:00:00
Amazon Linux 2 : kernel (ALASKERNEL-5.4-2022-003)
2022-05-02 00:00:00
Amazon Linux 2 : kernel (ALASKERNEL-5.10-2022-001)
2022-05-02 00:00:00
amazon
amazon
Medium: kernel
2021-05-20 15:51:00
openvas
openvas
openSUSE: Security Advisory for the Linux Kernel (SUSE-SU-2024:0857-1)
2024-03-25 00:00:00

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

6.8 Medium

AI Score

Confidence

High

1.7 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:S/C:N/I:N/A:P

0.0004 Low

EPSS

Percentile

5.2%

JSON
Related for UB:CVE-2021-46904
ubuntucve1redhatcve2debiancve2prion2cve2nessus5amazon1openvas1