CVE-2021-46905

net: hso: fix NULL-deref on disconnect regression

Description

In the Linux kernel, the following vulnerability has been resolved: net: hso: fix NULL-deref on disconnect regression Commit 8a12f8836145 ("net: hso: fix null-ptr-deref during tty device unregistration") fixed the racy minor allocation reported by syzbot, but introduced an unconditional NULL-pointer dereference on every disconnect instead. Specifically, the serial device table must no longer be accessed after the minor has been released by hso_serial_tty_unregister().

Category

5.5
CVSS
Severity: Medium
CVSS 3.1 •
EPSS 0.01%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/5871761c5f0f20d6e98bf3b6bd7486d857589554 patch
https://git.kernel.org/stable/c/0c71d4c89559f72cec2592d078681a843bce570e patch
https://git.kernel.org/stable/c/24b699bea7553fc0b98dad9d864befb6005ac7f1 patch
https://git.kernel.org/stable/c/5c17cfe155d21954b4c7e2a78fa771cebcd86725 patch
https://git.kernel.org/stable/c/d7fad2ce15bdbbd0fec3ebe999fd7cab2267f53e patch
https://git.kernel.org/stable/c/90642ee9eb581a13569b1c0bd57e85d962215273 patch
https://git.kernel.org/stable/c/0f000005da31f6947f843ce6b3e3a960540c6e00 patch
https://git.kernel.org/stable/c/41c44e1f3112d7265dae522c026399b2a42d19ef patch
https://git.kernel.org/stable/c/2ad5692db72874f02b9ad551d26345437ea4f7f3 patch

Frequently Asked Questions

What is the severity of CVE-2021-46905?
CVE-2021-46905 has been scored as a medium severity vulnerability.
How to fix CVE-2021-46905?
To fix CVE-2021-46905, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2021-46905 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2021-46905 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2021-46905?
CVE-2021-46905 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.