Bug 2266253 (CVE-2021-46905)
| Summary: | CVE-2021-46905 kernel:NULL-deref on disconnect regression | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Rohit Keshri <rkeshri> |
| Component: | vulnerability | Assignee: | Product Security <prodsec-ir-bot> |
| Status: | NEW --- | QA Contact: | |
| Severity: | low | Docs Contact: | |
| Priority: | low | ||
| Version: | unspecified | CC: | acaringi, allarkin, aquini, bhu, chwhite, cye, cyin, dbohanno, debarbos, dfreiber, drow, dvlasenk, esandeen, ezulian, hkrzesin, jarod, jburrell, jdenham, jfaracco, jforbes, jlelli, joe.lawrence, jshortt, jstancek, jwyatt, kcarcia, kyoshida, ldoskova, lgoncalv, lzampier, mleitner, mmilgram, mstowell, nmurray, ptalbert, rparrazo, rrobaina, rvrbovsk, rysulliv, scweaver, sukulkar, tglozar, tyberry, vkumar, wcosta, williams, wmealing, ycote, ykopkova, zhijwang |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: |
A vulnerability was found in the Linux kernel. This flaw occurs due to an unconditional NULL-pointer dereference on every disconnect in the Linux kernel.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | Type: | --- | |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 2266260 | ||
| Bug Blocks: | 2266218 | ||
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 2266260] This was fixed for Fedora with the 5.11.17 stable kernel updates. The result of automatic check (that is developed by Alexander Larkin) for this CVE-2021-46905 is: CHECK Maybe valid. Check manually. with impact LOW (that is an approximation based on flags NULLPTR USB INIT SIMPLEFIX ; these flags parsed automatically based on patch data). Such automatic check happens only for Low/Moderates (and only when not from reporter, but parsing already existing CVE). Highs always checked manually (I check it myself and then we check it again in Remediation team). In rare cases some of the Moderates could be increased to High later. |
In the Linux kernel, the following vulnerability has been resolved: net: hso: fix NULL-deref on disconnect regression Commit 8a12f8836145 ("net: hso: fix null-ptr-deref during tty device unregistration") fixed the racy minor allocation reported by syzbot, but introduced an unconditional NULL-pointer dereference on every disconnect instead. Specifically, the serial device table must no longer be accessed after the minor has been released by hso_serial_tty_unregister(). https://git.kernel.org/stable/c/0f000005da31f6947f843ce6b3e3a960540c6e00 https://git.kernel.org/stable/c/2ad5692db72874f02b9ad551d26345437ea4f7f3 https://git.kernel.org/stable/c/41c44e1f3112d7265dae522c026399b2a42d19ef https://git.kernel.org/stable/c/5c17cfe155d21954b4c7e2a78fa771cebcd86725 https://git.kernel.org/stable/c/90642ee9eb581a13569b1c0bd57e85d962215273 https://git.kernel.org/stable/c/d7fad2ce15bdbbd0fec3ebe999fd7cab2267f53e