CVE-2021-37159
Summary
| CVE | CVE-2021-37159 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2021-07-21 15:16:00 UTC |
| Updated | 2023-02-24 15:15:00 UTC |
| Description | hso_free_net_device in drivers/net/usb/hso.c in the Linux kernel through 5.13.4 calls unregister_netdev without checking for the NETREG_REGISTERED state, leading to a use-after-free and a double free. |
Risk And Classification
Problem Types: CWE-415 | CWE-416
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Debian | Debian Linux | 9.0 | All | All | All |
| Operating System | Linux | Linux Kernel | All | All | All | All |
| Application | Oracle | Communications Cloud Native Core Binding Support Function | 22.1.3 | All | All | All |
| Application | Oracle | Communications Cloud Native Core Network Exposure Function | 22.1.1 | All | All | All |
| Application | Oracle | Communications Cloud Native Core Policy | 22.2.0 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| CVE-2021-37159 Linux Kernel Vulnerability in NetApp Products | NetApp Product Security | CONFIRM | security.netapp.com | |
| [SECURITY] [DLA 2785-1] linux-4.19 security update | MLIST | lists.debian.org | |
| [PATCH v2] net: hso: do not call unregister if not registered — Linux USB | MISC | www.spinics.net | |
| [SECURITY] [DLA 2843-1] linux security update | MLIST | lists.debian.org | |
| Oracle Critical Patch Update Advisory - July 2022 | N/A | www.oracle.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 159421 Oracle Enterprise Linux Security Update for Unbreakable Enterprise kernel (ELSA-2021-9474)
- 159422 Oracle Enterprise Linux Security Update for Unbreakable Enterprise kernel-container (ELSA-2021-9475)
- 159825 Oracle Enterprise Linux Security Update for kernel (ELSA-2022-1988)
- 178844 Debian Security Update for linux-4.19 (DLA 2785-1)
- 178943 Debian Security Update for linux (DLA 2843-1)
- 180364 Debian Security Update for linux (CVE-2021-37159)
- 198515 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-5092-1)
- 198523 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-5092-2)
- 198524 Ubuntu Security Notification for Linux kernel (OEM) Vulnerabilities (USN-5096-1)
- 198542 Ubuntu Security Notification for Linux kernel (OEM) Vulnerabilities (USN-5115-1)
- 198585 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-5164-1)
- 198587 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-5163-1)
- 240275 Red Hat Update for kernel-rt (RHSA-2022:1975)
- 240298 Red Hat Update for kernel security (RHSA-2022:1988)
- 352869 Amazon Linux Security Advisory for kernel: ALAS2-2021-1719
- 353156 Amazon Linux Security Advisory for kernel : ALAS2KERNEL-5.10-2022-004
- 353242 Amazon Linux Security Advisory for kernel : ALAC2012-2022-036
- 353243 Amazon Linux Security Advisory for kmod-mlx5 : ALAC2012-2022-037
- 353244 Amazon Linux Security Advisory for kmod-sfc : ALAC2012-2022-038
- 356241 Amazon Linux Security Advisory for microvm-kernel : ALASMICROVM-KERNEL-4.14-2023-001
- 610400 Google Pixel Android March 2022 Security Patch Missing
- 610408 Google Android April 2022 Security Patch Missing for Huawei EMUI
- 671134 EulerOS Security Update for kernel (EulerOS-SA-2021-2688)
- 671135 EulerOS Security Update for kernel (EulerOS-SA-2021-2636)
- 671137 EulerOS Security Update for kernel (EulerOS-SA-2021-2713)
- 671181 EulerOS Security Update for kernel (EulerOS-SA-2021-2934)
- 671703 EulerOS Security Update for kernel (EulerOS-SA-2022-1735)
- 751353 OpenSUSE Security Update for the Linux Kernel (openSUSE-SU-2021:3675-1)
- 751381 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2021:3748-1)
- 751399 OpenSUSE Security Update for the Linux Kernel (openSUSE-SU-2021:1501-1)
- 751406 OpenSUSE Security Update for the Linux Kernel (openSUSE-SU-2021:3806-1)
- 751424 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2021:3848-1)
- 751437 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2021:3876-1)
- 751441 OpenSUSE Security Update for the Linux Kernel (openSUSE-SU-2021:3876-1)
- 751451 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2021:3935-1)
- 751473 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2021:3969-1)
- 751476 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2021:3972-1)
- 900084 CBL-Mariner Linux Security Update for kernel 5.10.52.1
- 900302 CBL-Mariner Linux Security Update for kernel 5.10.57.1
- 900318 CBL-Mariner Linux Security Update for kernel 5.10.60.1
- 901795 Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (6578-1)
- 902700 Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (4639-1)
- 906086 Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (4639-2)
- 940517 AlmaLinux Security Update for kernel (ALSA-2022:1988)