CVE-2021-37159 log

Source
Severity Medium
Remote No
Type Arbitrary code execution
Description
hso_free_net_device in drivers/net/usb/hso.c in the Linux kernel before version 5.13.6 calls unregister_netdev without checking for the NETREG_REGISTERED state, leading to a use-after-free and a double free.
Group Package Affected Fixed Severity Status Ticket
AVG-2234 linux-hardened 5.12.19.hardened1-1 Medium Vulnerable
AVG-2235 linux-lts 5.10.53-1 5.10.54-1 Medium Fixed
AVG-2233 linux-zen 5.13.5.zen1-1 5.13.6.zen1-1 Medium Fixed
AVG-2232 linux 5.13.5.arch1-1 5.13.6.arch1-1 Medium Fixed
References
https://www.spinics.net/lists/linux-usb/msg202228.html
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.13.6&id=eeaa4b8d1e2e6f10362673d283a97dccc7275afa
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.10.54&id=115e4f5b64ae8d9dd933167cafe2070aaac45849