SB2024040238 - Denial of service in Linux kernel USB implementation
Published: April 2, 2024 Updated: May 14, 2025
Security Bulletin ID: SB2024040238
Severity: Low
Patch available: YES
Number of vulnerabilities: 1
Exploitation vector: Local access
Highest impact: Denial of service
Description
This security bulletin contains information about 1 security vulnerability.
1) NULL pointer dereference (CVE-ID: CVE-2021-46904)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error during tty device unregistration within the get_free_serial_index() function in drivers/net/usb/hso.c.
Remediation
Install the update from the vendor's website.
References
- https://git.kernel.org/stable/c/a462067d7c8e6953a733bf5ade8db947b1bb5449
- https://git.kernel.org/stable/c/145c89c441d27696961752bf51b323f347601bee
- https://git.kernel.org/stable/c/caf5ac93b3b5d5fac032fc11fbea680e115421b4
- https://git.kernel.org/stable/c/92028d7a31e55d53e41cff679156b9432cffcb36
- https://git.kernel.org/stable/c/4a2933c88399c0ebc738db39bbce3ae89786d723
- https://git.kernel.org/stable/c/dc195928d7e4ec7b5cfc6cd10dc4c8d87a7c72ac
- https://git.kernel.org/stable/c/388d05f70f1ee0cac4a2068fd295072f1a44152a
- https://git.kernel.org/stable/c/8a12f8836145ffe37e9c8733dce18c22fb668b66
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.232
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.187
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.268
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.268
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.30
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.11.14
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.12
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.112