Not to be fixed
Created: Feb 26, 2024
Updated: Mar 15, 2024
Resolved Date: Mar 15, 2024
Found In Version: 10.21.20.1
Severity: Standard
Applicable for: Wind River Linux LTS 21
Component/s: Kernel
In the Linux kernel, the following vulnerability has been resolved:
net: hso: fix NULL-deref on disconnect regression
Commit 8a12f8836145 ("net: hso: fix null-ptr-deref during tty device
unregistration") fixed the racy minor allocation reported by syzbot, but
introduced an unconditional NULL-pointer dereference on every disconnect
instead.
Specifically, the serial device table must no longer be accessed after
the minor has been released by hso_serial_tty_unregister().
CREATE(Triage):(User=admin) CVE-2021-46905 (https://nvd.nist.gov/vuln/detail/CVE-2021-46905)