2266253 – (CVE-2021-46905) CVE-2021-46905 kernel:NULL-deref on disconnect regression

Bug 2266253 (CVE-2021-46905) - CVE-2021-46905 kernel:NULL-deref on disconnect regression

Summary: CVE-2021-46905 kernel:NULL-deref on disconnect regression

Keywords:
Status:	NEW
Alias:	CVE-2021-46905
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2266260
Blocks:	2266218
TreeView+	depends on / blocked

Reported:	2024-02-27 11:03 UTC by Rohit Keshri
Modified:	2024-05-27 07:44 UTC (History)
CC List:	50 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:	A vulnerability was found in the Linux kernel. This flaw occurs due to an unconditional NULL-pointer dereference on every disconnect in the Linux kernel.
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description Rohit Keshri 2024-02-27 11:03:35 UTC

In the Linux kernel, the following vulnerability has been resolved:

net: hso: fix NULL-deref on disconnect regression

Commit 8a12f8836145 ("net: hso: fix null-ptr-deref during tty device
unregistration") fixed the racy minor allocation reported by syzbot, but
introduced an unconditional NULL-pointer dereference on every disconnect
instead.

Specifically, the serial device table must no longer be accessed after
the minor has been released by hso_serial_tty_unregister().

https://git.kernel.org/stable/c/0f000005da31f6947f843ce6b3e3a960540c6e00
https://git.kernel.org/stable/c/2ad5692db72874f02b9ad551d26345437ea4f7f3
https://git.kernel.org/stable/c/41c44e1f3112d7265dae522c026399b2a42d19ef
https://git.kernel.org/stable/c/5c17cfe155d21954b4c7e2a78fa771cebcd86725
https://git.kernel.org/stable/c/90642ee9eb581a13569b1c0bd57e85d962215273
https://git.kernel.org/stable/c/d7fad2ce15bdbbd0fec3ebe999fd7cab2267f53e

Comment 1 Rohit Keshri 2024-02-27 11:41:54 UTC

Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 2266260]

Comment 3 Justin M. Forbes 2024-02-27 19:15:05 UTC

This was fixed for Fedora with the 5.11.17 stable kernel updates.

Note You need to log in before you can comment on or make changes to this bug.

acaringi
allarkin
aquini
bhu
chwhite
cye
cyin
dbohanno
debarbos
dfreiber
drow
dvlasenk
esandeen
ezulian
hkrzesin
jarod
jburrell
jdenham
jfaracco
jforbes
jlelli
joe.lawrence
jshortt
jstancek
jwyatt
kcarcia
kyoshida
ldoskova
lgoncalv
lzampier
mleitner
mmilgram
mstowell
nmurray
ptalbert
rparrazo
rrobaina
rvrbovsk
rysulliv
scweaver
sukulkar
tglozar
tyberry
vkumar
wcosta
williams
wmealing
ycote
ykopkova
zhijwang