A double-free memory corruption, introduced in OpenSSH 8.2, that could be reached by an attacker with access to the agent socket. Exploitable by a user forwarding an agent either to an account shared with a malicious user or to a host with an attacker holding root access.
Created openssh tracking bugs for this issue:
Affects: fedora-all [bug 1935057]
This issue doesn't affected any versions of OpenSSH packaged and shipped with Red Hat Enterprise Linux 6, 7 and 8. The issue was introduced in OpenSSH 8.2 while the most recent OpenSSH version available for Red Hat Enterprise Linux 8 is based on OpenSSH 8.0.
The double free happens on ssh-agent