Vulnerability Details : CVE-2021-37159

hso_free_net_device in drivers/net/usb/hso.c in the Linux kernel through 5.13.4 calls unregister_netdev without checking for the NETREG_REGISTERED state, leading to a use-after-free and a double free.

Vulnerability category: Memory Corruption

Published 2021-07-21 15:16:21

Updated 2023-02-24 15:15:11

Source MITRE

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2021-37159

Probability of exploitation activity in the next 30 days: 0.08%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 31 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2021-37159

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Source
4.4	MEDIUM	AV:L/AC:M/Au:N/C:P/I:P/A:P	3.4	6.4	[email protected]
Access Vector: Local Access Complexity: Medium Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial
6.4	MEDIUM	CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H	0.5	5.9	[email protected]
Attack Vector: Physical Attack Complexity: High Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2021-37159

CWE-415 Double Free

The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.

Assigned by: [email protected] (Primary)
CWE-416 Use After Free

Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.

Assigned by: [email protected] (Primary)

References for CVE-2021-37159

https://security.netapp.com/advisory/ntap-20210819-0003/

Third Party Advisory
https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html

Mailing List;Third Party Advisory

CVEs referencing this url
https://www.spinics.net/lists/linux-usb/msg202228.html

Mailing List;Patch;Third Party Advisory
https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html

Mailing List;Third Party Advisory

CVEs referencing this url
https://www.oracle.com/security-alerts/cpujul2022.html

Patch;Third Party Advisory

CVEs referencing this url

Products affected by CVE-2021-37159

Debian » Debian Linux » Version: 9.0
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions up to, including, (<=) 5.13.4
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Oracle » Communications Cloud Native Core Policy » Version: 22.2.0
cpe:2.3:a:oracle:communications_cloud_native_core_policy:22.2.0:*:*:*:*:*:*:*
Matching versions
Oracle » Communications Cloud Native Core Binding Support Function » Version: 22.1.3
cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.1.3:*:*:*:*:*:*:*
Matching versions
Oracle » Communications Cloud Native Core Network Exposure Function » Version: 22.1.1
cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.1.1:*:*:*:*:*:*:*
Matching versions