Vulnerability Details : CVE-2021-37159
hso_free_net_device in drivers/net/usb/hso.c in the Linux kernel through 5.13.4 calls unregister_netdev without checking for the NETREG_REGISTERED state, leading to a use-after-free and a double free.
Vulnerability category: Memory Corruption
Products affected by CVE-2021-37159
- cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:communications_cloud_native_core_policy:22.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.1.1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2021-37159
0.22%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 59 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2021-37159
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.4
|
MEDIUM | AV:L/AC:M/Au:N/C:P/I:P/A:P |
3.4
|
6.4
|
NIST | |
6.4
|
MEDIUM | CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
0.5
|
5.9
|
NIST |
CWE ids for CVE-2021-37159
-
The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.Assigned by: nvd@nist.gov (Primary)
-
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.Assigned by: nvd@nist.gov (Primary)
References for CVE-2021-37159
-
https://security.netapp.com/advisory/ntap-20210819-0003/
CVE-2021-37159 Linux Kernel Vulnerability in NetApp Products | NetApp Product SecurityThird Party Advisory
-
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a6ecfb39ba9d7316057cea823b196b734f6b18ca
usb: hso: fix error handling code of hso_create_net_device - kernel/git/torvalds/linux.git - Linux kernel source tree
-
https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html
[SECURITY] [DLA 2843-1] linux security updateMailing List;Third Party Advisory
-
https://www.spinics.net/lists/linux-usb/msg202228.html
[PATCH v2] net: hso: do not call unregister if not registered — Linux USBMailing List;Patch;Third Party Advisory
-
https://bugzilla.suse.com/show_bug.cgi?id=1188601
1188601 – (CVE-2021-37159) VUL-0: CVE-2021-37159: kernel-source,kernel-source-rt,kernel-source-azure: hso_free_net_device in drivers/net/usb/hso.c in the Linux kernel through 5.13.4 calls unregister_n
-
https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html
[SECURITY] [DLA 2785-1] linux-4.19 security updateMailing List;Third Party Advisory
-
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=dcb713d53e2eadf42b878c12a471e74dc6ed3145
usb: hso: remove the bailout parameter - kernel/git/torvalds/linux.git - Linux kernel source tree
-
https://www.oracle.com/security-alerts/cpujul2022.html
Oracle Critical Patch Update Advisory - July 2022Patch;Third Party Advisory
Jump to