- Description
- In the Linux kernel, the following vulnerability has been resolved: net: hso: fix null-ptr-deref during tty device unregistration Multiple ttys try to claim the same the minor number causing a double unregistration of the same device. The first unregistration succeeds but the next one results in a null-ptr-deref. The get_free_serial_index() function returns an available minor number but doesn't assign it immediately. The assignment is done by the caller later. But before this assignment, calls to get_free_serial_index() would return the same minor number. Fix this by modifying get_free_serial_index to assign the minor number immediately after one is found to be and rename it to obtain_minor() to better reflect what it does. Similary, rename set_serial_by_index() to release_minor() and modify it to free up the minor number of the given hso_serial. Every obtain_minor() should have corresponding release_minor() call.
- Source
- 416baaa9-dc9f-4396-8d5f-8c081fb06d67
- NVD status
- Analyzed
CVSS 3.1
- Type
- Primary
- Base score
- 5.5
- Impact score
- 3.6
- Exploitability score
- 1.8
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
- Severity
- MEDIUM
- nvd@nist.gov
- CWE-476
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "659FF119-13E0-486C-96F2-C0126F87D0CB",
"versionEndExcluding": "4.4.268",
"versionStartIncluding": "2.6.27"
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2DBC0886-BE0B-4CA4-AF1B-531144C8BE34",
"versionEndExcluding": "4.9.268",
"versionStartIncluding": "4.5.0"
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "316D2418-B6F3-454C-AA83-1577F40CFABA",
"versionEndExcluding": "4.14.232",
"versionStartIncluding": "4.10.0"
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "123664FC-5EE8-4D91-9E83-09583F5FDDCF",
"versionEndExcluding": "4.19.187",
"versionStartIncluding": "4.15.0"
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7FDB5646-9EDD-4F92-BF93-0F19CF52612D",
"versionEndExcluding": "5.4.112",
"versionStartIncluding": "4.20.0"
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "05B46463-5756-48FE-AC75-227FB4CA982B",
"versionEndExcluding": "5.10.30",
"versionStartIncluding": "5.5.0"
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "91BEA1D8-08CA-4B9C-9A3C-7856507EC311",
"versionEndExcluding": "5.11.14",
"versionStartIncluding": "5.11.0"
}
],
"operator": "OR"
}
]
}
]