Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2021-46904— net: hso: fix null-ptr-deref during tty device unregistration

EPSS 0.01% · P2
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2021-46904

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
net: hso: fix null-ptr-deref during tty device unregistration
Source: NVD (National Vulnerability Database)
Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: net: hso: fix null-ptr-deref during tty device unregistration Multiple ttys try to claim the same the minor number causing a double unregistration of the same device. The first unregistration succeeds but the next one results in a null-ptr-deref. The get_free_serial_index() function returns an available minor number but doesn't assign it immediately. The assignment is done by the caller later. But before this assignment, calls to get_free_serial_index() would return the same minor number. Fix this by modifying get_free_serial_index to assign the minor number immediately after one is found to be and rename it to obtain_minor() to better reflect what it does. Similary, rename set_serial_by_index() to release_minor() and modify it to free up the minor number of the given hso_serial. Every obtain_minor() should have corresponding release_minor() call.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Linux kernel 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。 Linux kernel存在安全漏洞,该漏洞源于tty设备注销期间存在NULL指针取消引用问题。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
LinuxLinux 72dc1c096c7051a48ab1dbb12f71976656b55eb5 ~ a462067d7c8e6953a733bf5ade8db947b1bb5449 -
LinuxLinux 2.6.27 -

II. Public POCs for CVE-2021-46904

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2021-46904

登录查看更多情报信息。

Same Patch Batch · Linux · 2024-02-25 · 11 CVEs total

CVE-2023-52465power: supply: Fix null pointer dereference in smb2_probe
CVE-2023-52467mfd: syscon: Fix null pointer dereference in of_syscon_register()
CVE-2023-52468class: fix use-after-free in class_register()
CVE-2023-52469drivers/amd/pm: fix a use-after-free in kv_parse_power_table
CVE-2023-52470drm/radeon: check the alloc_workqueue return value in radeon_crtc_init()
CVE-2023-52471ice: Fix some null pointer dereference issues in ice_ptp.c
CVE-2023-52472crypto: rsa - add a check for allocation failure
CVE-2023-52473thermal: core: Fix NULL pointer dereference in zone registration error path
CVE-2021-46905net: hso: fix NULL-deref on disconnect regression
CVE-2022-48626moxart: fix potential use-after-free on remove path

IV. Related Vulnerabilities

Same product: Linux
Same vendor: Linux

V. Comments for CVE-2021-46904

No comments yet

Leave a comment