NULL pointer dereference in Linux kernel - CVE-2021-46904
Published: April 2, 2024 / Updated: May 14, 2025
Vulnerability identifier: #VU87990
CSH Severity: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2021-46904
CWE-ID: CWE-476
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Linux kernel
Linux kernel
Software vendor:
Linux Foundation
Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error during tty device unregistration
within the get_free_serial_index() function in drivers/net/usb/hso.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install updates from vendor's website.
External links
- https://git.kernel.org/stable/c/a462067d7c8e6953a733bf5ade8db947b1bb5449
- https://git.kernel.org/stable/c/145c89c441d27696961752bf51b323f347601bee
- https://git.kernel.org/stable/c/caf5ac93b3b5d5fac032fc11fbea680e115421b4
- https://git.kernel.org/stable/c/92028d7a31e55d53e41cff679156b9432cffcb36
- https://git.kernel.org/stable/c/4a2933c88399c0ebc738db39bbce3ae89786d723
- https://git.kernel.org/stable/c/dc195928d7e4ec7b5cfc6cd10dc4c8d87a7c72ac
- https://git.kernel.org/stable/c/388d05f70f1ee0cac4a2068fd295072f1a44152a
- https://git.kernel.org/stable/c/8a12f8836145ffe37e9c8733dce18c22fb668b66
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.232
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.187
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.268
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.268
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.30
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.11.14
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.12
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.112