A double-free memory corruption, introduced in OpenSSH 8.2, that could be reached by an attacker with access to the agent socket. Exploitable by a user forwarding an agent either to an account shared with a malicious user or to a host with an attacker holding root access. Reference: https://www.openssh.com/txt/release-8.5
Created openssh tracking bugs for this issue: Affects: fedora-all [bug 1935057]
External References: https://www.openssh.com/txt/release-8.5
Statement: This issue doesn't affected any versions of OpenSSH packaged and shipped with Red Hat Enterprise Linux 6, 7 and 8. The issue was introduced in OpenSSH 8.2 while the most recent OpenSSH version available for Red Hat Enterprise Linux 8 is based on OpenSSH 8.0.
Upstream fix: https://github.com/openssh/openssh-portable/commit/e04fd6dde16de1cdc5a4d9946397ff60d96568db The double free happens on ssh-agent