CVE-2021-37159

Description

hso_free_net_device in drivers/net/usb/hso.c in the Linux kernel through 5.13.4 calls unregister_netdev without checking for the NETREG_REGISTERED state, leading to a use-after-free and a double free.

CVSS Metrics

• v3.1•MEDIUM•Score: 6.4CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
• v2.0•MEDIUM•Score: 4.4AV:L/AC:M/Au:N/C:P/I:P/A:P

EPSS Trends

Current EPSS score: 0.03%• Percentile: 10%

Techniques & Countermeasures

• CWE-415•Double Free

  The product calls free() twice on the same memory address.

• CWE-416•Use After Free

  The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

Affected Systems

• debian•debian_linux

  9.0

• linux•linux_kernel

  ≤ 5.13.4

• oracle•communications_cloud_native_core_binding_support_function

  22.1.3

• oracle•communications_cloud_native_core_network_exposure_function

  22.1.1

• oracle•communications_cloud_native_core_policy

  22.2.0

References (8)

• https://www.spinics.net/lists/linux-usb/msg202228.html
• https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html
• https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html
• https://www.oracle.com/security-alerts/cpujul2022.html
• https://security.netapp.com/advisory/ntap-20210819-0003/
• https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a6ecfb39ba9d7316057cea823b196b734f6b18ca
• https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=dcb713d53e2eadf42b878c12a471e74dc6ed3145
• https://bugzilla.suse.com/show_bug.cgi?id=1188601