CVE-2021-38204

Опубликовано: 21 июл. 2021

Источник: redhat

CVSS3: 6.6

Описание

drivers/usb/host/max3421-hcd.c in the Linux kernel before 5.13.6 allows physically proximate attackers to cause a denial of service (use-after-free and panic) by removing a MAX-3421 USB device in certain situations.

A flaw was found in the Linux kernel. A denial of service attack (use-after-free and panic) can be caused by a physically proximate attack by removing a MAX-3421 USB device in certain situations. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Отчет

There was no shipped kernel version that was seen affected by this problem. These files are not built in our source code.

Меры по смягчению последствий

Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat Enterprise Linux 5	kernel	Not affected
Red Hat Enterprise Linux 6	kernel	Not affected
Red Hat Enterprise Linux 7	kernel	Not affected
Red Hat Enterprise Linux 7	kernel-alt	Not affected
Red Hat Enterprise Linux 7	kernel-rt	Not affected
Red Hat Enterprise Linux 8	kernel	Not affected
Red Hat Enterprise Linux 8	kernel-rt	Not affected
Red Hat Enterprise Linux 9	kernel	Not affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-416

https://bugzilla.redhat.com/show_bug.cgi?id=1992754kernel: use-after-free and panic in drivers/usb/host/max3421-hcd.c by removing a MAX-3421 USB device in certain situations

6.6 Medium

CVSS3