Vulnerability-Lookup

BDU:2024-01723

Vulnerability from fstec - Published: 26.04.2021

Title

Уязвимость функции hso_serial_tty_unregister драйвера USB HSO (High Speed Options) ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании

Description

Уязвимость функции hso_serial_tty_unregister драйвера USB HSO (High Speed Options) ядра операционной системы Linux связана с ошибкой разыменования указателя. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, вызвать отказ в обслуживании

Severity ?


                    
                      AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Vendor

Сообщество свободного программного обеспечения

Software Name

Debian GNU/Linux, Linux

Software Version

10 (Debian GNU/Linux), 11 (Debian GNU/Linux), 12 (Debian GNU/Linux), от 5.11.14 до 5.11.16 включительно (Linux), от 4.19.187 до 4.19.188 включительно (Linux), от 5.4.112 до 5.4.114 включительно (Linux), от 5.10.30 до 5.10.32 включительно (Linux), от 5.12 до 5.12.0 включительно (Linux)

Possible Mitigations

Использование рекомендаций: Для Linux: https://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.232 https://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.189 https://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.268 https://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.268 https://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.33 https://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.11.17 https://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.12.1 https://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.115 https://git.kernel.org/linus/2ad5692db72874f02b9ad551d26345437ea4f7f3 https://git.kernel.org/stable/c/0c71d4c89559f72cec2592d078681a843bce570e https://git.kernel.org/stable/c/0f000005da31f6947f843ce6b3e3a960540c6e00 https://git.kernel.org/stable/c/24b699bea7553fc0b98dad9d864befb6005ac7f1 https://git.kernel.org/stable/c/2ad5692db72874f02b9ad551d26345437ea4f7f3 https://git.kernel.org/stable/c/41c44e1f3112d7265dae522c026399b2a42d19ef https://git.kernel.org/stable/c/5871761c5f0f20d6e98bf3b6bd7486d857589554 https://git.kernel.org/stable/c/5c17cfe155d21954b4c7e2a78fa771cebcd86725 https://git.kernel.org/stable/c/90642ee9eb581a13569b1c0bd57e85d962215273 https://git.kernel.org/stable/c/d7fad2ce15bdbbd0fec3ebe999fd7cab2267f53e https://lore.kernel.org/linux-cve-announce/2024022557-CVE-2021-46905-6507@gregkh/ https://lore.kernel.org/linux-cve-announce/2024022557-CVE-2021-46905-6507@gregkh/T/#u Для Debian GNU/Linux: https://security-tracker.debian.org/tracker/CVE-2021-46905

Reference

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46905 https://git.kernel.org/linus/2ad5692db72874f02b9ad551d26345437ea4f7f3 https://git.kernel.org/stable/c/0c71d4c89559f72cec2592d078681a843bce570e https://git.kernel.org/stable/c/0f000005da31f6947f843ce6b3e3a960540c6e00 https://git.kernel.org/stable/c/24b699bea7553fc0b98dad9d864befb6005ac7f1 https://git.kernel.org/stable/c/2ad5692db72874f02b9ad551d26345437ea4f7f3 https://git.kernel.org/stable/c/41c44e1f3112d7265dae522c026399b2a42d19ef https://git.kernel.org/stable/c/5871761c5f0f20d6e98bf3b6bd7486d857589554 https://git.kernel.org/stable/c/5c17cfe155d21954b4c7e2a78fa771cebcd86725 https://git.kernel.org/stable/c/90642ee9eb581a13569b1c0bd57e85d962215273 https://git.kernel.org/stable/c/d7fad2ce15bdbbd0fec3ebe999fd7cab2267f53e https://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.232 https://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.189 https://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.268 https://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.268 https://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.33 https://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.11.17 https://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.12.1 https://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.115 https://lore.kernel.org/linux-cve-announce/2024022557-CVE-2021-46905-6507@gregkh/ https://lore.kernel.org/linux-cve-announce/2024022557-CVE-2021-46905-6507@gregkh/T/#u https://security-tracker.debian.org/tracker/CVE-2021-46905 https://vuldb.com/?id.254720 https://www.cve.org/CVERecord?id=CVE-2021-46905

CWE

CWE-476

JSON

To clipboard

{
  "CVSS 2.0": "AV:L/AC:L/Au:S/C:N/I:N/A:C",
  "CVSS 3.0": "AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "10 (Debian GNU/Linux), 11 (Debian GNU/Linux), 12 (Debian GNU/Linux), \u043e\u0442 5.11.14 \u0434\u043e 5.11.16 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Linux), \u043e\u0442 4.19.187 \u0434\u043e 4.19.188 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Linux), \u043e\u0442 5.4.112 \u0434\u043e 5.4.114 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Linux), \u043e\u0442 5.10.30 \u0434\u043e 5.10.32 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Linux), \u043e\u0442 5.12 \u0434\u043e 5.12.0 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Linux)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\u0414\u043b\u044f Linux:\nhttps://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.232\nhttps://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.189\nhttps://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.268\nhttps://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.268\nhttps://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.33\nhttps://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.11.17\nhttps://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.12.1\nhttps://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.115\nhttps://git.kernel.org/linus/2ad5692db72874f02b9ad551d26345437ea4f7f3\nhttps://git.kernel.org/stable/c/0c71d4c89559f72cec2592d078681a843bce570e\nhttps://git.kernel.org/stable/c/0f000005da31f6947f843ce6b3e3a960540c6e00\nhttps://git.kernel.org/stable/c/24b699bea7553fc0b98dad9d864befb6005ac7f1\nhttps://git.kernel.org/stable/c/2ad5692db72874f02b9ad551d26345437ea4f7f3\nhttps://git.kernel.org/stable/c/41c44e1f3112d7265dae522c026399b2a42d19ef\nhttps://git.kernel.org/stable/c/5871761c5f0f20d6e98bf3b6bd7486d857589554\nhttps://git.kernel.org/stable/c/5c17cfe155d21954b4c7e2a78fa771cebcd86725\nhttps://git.kernel.org/stable/c/90642ee9eb581a13569b1c0bd57e85d962215273\nhttps://git.kernel.org/stable/c/d7fad2ce15bdbbd0fec3ebe999fd7cab2267f53e\nhttps://lore.kernel.org/linux-cve-announce/2024022557-CVE-2021-46905-6507@gregkh/\nhttps://lore.kernel.org/linux-cve-announce/2024022557-CVE-2021-46905-6507@gregkh/T/#u\n\n\u0414\u043b\u044f Debian GNU/Linux:\nhttps://security-tracker.debian.org/tracker/CVE-2021-46905",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "26.04.2021",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "06.12.2024",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "04.03.2024",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2024-01723",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2021-46905",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Debian GNU/Linux, Linux",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 10 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 11 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 12 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux \u043e\u0442 4.4.0 \u0434\u043e 4.4.267 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux \u043e\u0442 4.9.0 \u0434\u043e 4.9.267 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux \u043e\u0442 4.14.0 \u0434\u043e 4.14.231 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux \u043e\u0442 4.19.0 \u0434\u043e 4.19.188 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux \u043e\u0442 5.4.0 \u0434\u043e 5.4.114 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux \u043e\u0442 5.10.0 \u0434\u043e 5.10.32 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux \u043e\u0442 5.11.14 \u0434\u043e 5.11.16 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux 5.12.0 ",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 hso_serial_tty_unregister \u0434\u0440\u0430\u0439\u0432\u0435\u0440\u0430 USB HSO (High Speed Options) \u044f\u0434\u0440\u0430 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b Linux, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0420\u0430\u0437\u044b\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u043a\u0430\u0437\u0430\u0442\u0435\u043b\u044f NULL (CWE-476)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 hso_serial_tty_unregister \u0434\u0440\u0430\u0439\u0432\u0435\u0440\u0430 USB HSO (High Speed Options) \u044f\u0434\u0440\u0430 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b Linux \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043e\u0448\u0438\u0431\u043a\u043e\u0439 \u0440\u0430\u0437\u044b\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u044f \u0443\u043a\u0430\u0437\u0430\u0442\u0435\u043b\u044f. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46905\nhttps://git.kernel.org/linus/2ad5692db72874f02b9ad551d26345437ea4f7f3\nhttps://git.kernel.org/stable/c/0c71d4c89559f72cec2592d078681a843bce570e\nhttps://git.kernel.org/stable/c/0f000005da31f6947f843ce6b3e3a960540c6e00\nhttps://git.kernel.org/stable/c/24b699bea7553fc0b98dad9d864befb6005ac7f1\nhttps://git.kernel.org/stable/c/2ad5692db72874f02b9ad551d26345437ea4f7f3\nhttps://git.kernel.org/stable/c/41c44e1f3112d7265dae522c026399b2a42d19ef\nhttps://git.kernel.org/stable/c/5871761c5f0f20d6e98bf3b6bd7486d857589554\nhttps://git.kernel.org/stable/c/5c17cfe155d21954b4c7e2a78fa771cebcd86725\nhttps://git.kernel.org/stable/c/90642ee9eb581a13569b1c0bd57e85d962215273\nhttps://git.kernel.org/stable/c/d7fad2ce15bdbbd0fec3ebe999fd7cab2267f53e\nhttps://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.232\nhttps://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.189\nhttps://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.268\nhttps://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.268\nhttps://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.33\nhttps://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.11.17\nhttps://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.12.1\nhttps://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.115\nhttps://lore.kernel.org/linux-cve-announce/2024022557-CVE-2021-46905-6507@gregkh/\nhttps://lore.kernel.org/linux-cve-announce/2024022557-CVE-2021-46905-6507@gregkh/T/#u\nhttps://security-tracker.debian.org/tracker/CVE-2021-46905\nhttps://vuldb.com/?id.254720\nhttps://www.cve.org/CVERecord?id=CVE-2021-46905",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-476",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 4,6)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 5,5)\n\u041d\u0435\u0442 \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 4.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 0)"
}

CVE-2021-46905 (GCVE-0-2021-46905)

Vulnerability from cvelistv5 – Published: 2024-02-25 14:03 – Updated: 2025-05-04 07:00

Title

net: hso: fix NULL-deref on disconnect regression

Summary

In the Linux kernel, the following vulnerability has been resolved: net: hso: fix NULL-deref on disconnect regression Commit 8a12f8836145 ("net: hso: fix null-ptr-deref during tty device unregistration") fixed the racy minor allocation reported by syzbot, but introduced an unconditional NULL-pointer dereference on every disconnect instead. Specifically, the serial device table must no longer be accessed after the minor has been released by hso_serial_tty_unregister().

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/5871761c5f0f20d6e…
	https://git.kernel.org/stable/c/0c71d4c89559f72ce…
	https://git.kernel.org/stable/c/24b699bea7553fc0b…
	https://git.kernel.org/stable/c/5c17cfe155d21954b…
	https://git.kernel.org/stable/c/d7fad2ce15bdbbd0f…
	https://git.kernel.org/stable/c/90642ee9eb581a135…
	https://git.kernel.org/stable/c/0f000005da31f6947…
	https://git.kernel.org/stable/c/41c44e1f3112d7265…
	https://git.kernel.org/stable/c/2ad5692db72874f02…

Impacted products

Vendor

Product

Version

Linux

Affected: a462067d7c8e6953a733bf5ade8db947b1bb5449 , < 5871761c5f0f20d6e98bf3b6bd7486d857589554 (git)
Affected: 145c89c441d27696961752bf51b323f347601bee , < 0c71d4c89559f72cec2592d078681a843bce570e (git)
Affected: caf5ac93b3b5d5fac032fc11fbea680e115421b4 , < 24b699bea7553fc0b98dad9d864befb6005ac7f1 (git)
Affected: 92028d7a31e55d53e41cff679156b9432cffcb36 , < 5c17cfe155d21954b4c7e2a78fa771cebcd86725 (git)
Affected: 4a2933c88399c0ebc738db39bbce3ae89786d723 , < d7fad2ce15bdbbd0fec3ebe999fd7cab2267f53e (git)
Affected: dc195928d7e4ec7b5cfc6cd10dc4c8d87a7c72ac , < 90642ee9eb581a13569b1c0bd57e85d962215273 (git)
Affected: 388d05f70f1ee0cac4a2068fd295072f1a44152a , < 0f000005da31f6947f843ce6b3e3a960540c6e00 (git)
Affected: 8a12f8836145ffe37e9c8733dce18c22fb668b66 , < 41c44e1f3112d7265dae522c026399b2a42d19ef (git)
Affected: 8a12f8836145ffe37e9c8733dce18c22fb668b66 , < 2ad5692db72874f02b9ad551d26345437ea4f7f3 (git)

Linux

Affected: 5.12
Unaffected: 0 , < 5.12 (semver)
Unaffected: 4.19.189 , ≤ 4.19.* (semver)
Unaffected: 5.4.115 , ≤ 5.4.* (semver)
Unaffected: 5.10.33 , ≤ 5.10.* (semver)
Unaffected: 5.11.17 , ≤ 5.11.* (semver)
Unaffected: 5.12.1 , ≤ 5.12.* (semver)
Unaffected: 5.13 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-46905",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-03-04T21:23:48.854357Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-05T17:22:07.815Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T05:17:42.986Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/5871761c5f0f20d6e98bf3b6bd7486d857589554"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/0c71d4c89559f72cec2592d078681a843bce570e"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/24b699bea7553fc0b98dad9d864befb6005ac7f1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/5c17cfe155d21954b4c7e2a78fa771cebcd86725"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/d7fad2ce15bdbbd0fec3ebe999fd7cab2267f53e"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/90642ee9eb581a13569b1c0bd57e85d962215273"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/0f000005da31f6947f843ce6b3e3a960540c6e00"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/41c44e1f3112d7265dae522c026399b2a42d19ef"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/2ad5692db72874f02b9ad551d26345437ea4f7f3"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/usb/hso.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "5871761c5f0f20d6e98bf3b6bd7486d857589554",
              "status": "affected",
              "version": "a462067d7c8e6953a733bf5ade8db947b1bb5449",
              "versionType": "git"
            },
            {
              "lessThan": "0c71d4c89559f72cec2592d078681a843bce570e",
              "status": "affected",
              "version": "145c89c441d27696961752bf51b323f347601bee",
              "versionType": "git"
            },
            {
              "lessThan": "24b699bea7553fc0b98dad9d864befb6005ac7f1",
              "status": "affected",
              "version": "caf5ac93b3b5d5fac032fc11fbea680e115421b4",
              "versionType": "git"
            },
            {
              "lessThan": "5c17cfe155d21954b4c7e2a78fa771cebcd86725",
              "status": "affected",
              "version": "92028d7a31e55d53e41cff679156b9432cffcb36",
              "versionType": "git"
            },
            {
              "lessThan": "d7fad2ce15bdbbd0fec3ebe999fd7cab2267f53e",
              "status": "affected",
              "version": "4a2933c88399c0ebc738db39bbce3ae89786d723",
              "versionType": "git"
            },
            {
              "lessThan": "90642ee9eb581a13569b1c0bd57e85d962215273",
              "status": "affected",
              "version": "dc195928d7e4ec7b5cfc6cd10dc4c8d87a7c72ac",
              "versionType": "git"
            },
            {
              "lessThan": "0f000005da31f6947f843ce6b3e3a960540c6e00",
              "status": "affected",
              "version": "388d05f70f1ee0cac4a2068fd295072f1a44152a",
              "versionType": "git"
            },
            {
              "lessThan": "41c44e1f3112d7265dae522c026399b2a42d19ef",
              "status": "affected",
              "version": "8a12f8836145ffe37e9c8733dce18c22fb668b66",
              "versionType": "git"
            },
            {
              "lessThan": "2ad5692db72874f02b9ad551d26345437ea4f7f3",
              "status": "affected",
              "version": "8a12f8836145ffe37e9c8733dce18c22fb668b66",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/usb/hso.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.12"
            },
            {
              "lessThan": "5.12",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.189",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.115",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.33",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.11.*",
              "status": "unaffected",
              "version": "5.11.17",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.12.*",
              "status": "unaffected",
              "version": "5.12.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "5.13",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.189",
                  "versionStartIncluding": "4.19.187",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.115",
                  "versionStartIncluding": "5.4.112",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.33",
                  "versionStartIncluding": "5.10.30",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.11.17",
                  "versionStartIncluding": "5.11.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.12.1",
                  "versionStartIncluding": "5.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.13",
                  "versionStartIncluding": "5.12",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: hso: fix NULL-deref on disconnect regression\n\nCommit 8a12f8836145 (\"net: hso: fix null-ptr-deref during tty device\nunregistration\") fixed the racy minor allocation reported by syzbot, but\nintroduced an unconditional NULL-pointer dereference on every disconnect\ninstead.\n\nSpecifically, the serial device table must no longer be accessed after\nthe minor has been released by hso_serial_tty_unregister()."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T07:00:01.486Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/5871761c5f0f20d6e98bf3b6bd7486d857589554"
        },
        {
          "url": "https://git.kernel.org/stable/c/0c71d4c89559f72cec2592d078681a843bce570e"
        },
        {
          "url": "https://git.kernel.org/stable/c/24b699bea7553fc0b98dad9d864befb6005ac7f1"
        },
        {
          "url": "https://git.kernel.org/stable/c/5c17cfe155d21954b4c7e2a78fa771cebcd86725"
        },
        {
          "url": "https://git.kernel.org/stable/c/d7fad2ce15bdbbd0fec3ebe999fd7cab2267f53e"
        },
        {
          "url": "https://git.kernel.org/stable/c/90642ee9eb581a13569b1c0bd57e85d962215273"
        },
        {
          "url": "https://git.kernel.org/stable/c/0f000005da31f6947f843ce6b3e3a960540c6e00"
        },
        {
          "url": "https://git.kernel.org/stable/c/41c44e1f3112d7265dae522c026399b2a42d19ef"
        },
        {
          "url": "https://git.kernel.org/stable/c/2ad5692db72874f02b9ad551d26345437ea4f7f3"
        }
      ],
      "title": "net: hso: fix NULL-deref on disconnect regression",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2021-46905",
    "datePublished": "2024-02-25T14:03:40.944Z",
    "dateReserved": "2024-02-25T13:45:52.717Z",
    "dateUpdated": "2025-05-04T07:00:01.486Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

BDU:2024-01723

CVE-2021-46905 (GCVE-0-2021-46905)

Tags

Sightings

Nomenclature