In the Linux kernel, the following vulnerability has been resolved:
net: hso: fix NULL-deref on disconnect regression
Commit 8a12f8836145 (net: hso: fix null-ptr-deref during tty device unregistration) fixed the racy minor allocation reported by syzbot, but introduced an unconditional NULL-pointer dereference on every disconnect instead.
Specifically, the serial device table must no longer be accessed after the minor has been released by hso_serial_tty_unregister().
A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Linux_kernel | Linux | * | 4.19.189 (excluding) |
| Linux_kernel | Linux | 4.20.0 (including) | 5.4.115 (excluding) |
| Linux_kernel | Linux | 5.5.0 (including) | 5.10.33 (excluding) |
| Linux_kernel | Linux | 5.11.0 (including) | 5.11.17 (excluding) |
| Linux_kernel | Linux | 5.12 (including) | 5.12 (including) |
| Linux_kernel | Linux | 5.12-rc1 (including) | 5.12-rc1 (including) |
| Linux_kernel | Linux | 5.12-rc2 (including) | 5.12-rc2 (including) |
| Linux_kernel | Linux | 5.12-rc3 (including) | 5.12-rc3 (including) |
| Linux_kernel | Linux | 5.12-rc4 (including) | 5.12-rc4 (including) |
| Linux_kernel | Linux | 5.12-rc5 (including) | 5.12-rc5 (including) |
| Linux_kernel | Linux | 5.12-rc6 (including) | 5.12-rc6 (including) |
| Linux_kernel | Linux | 5.12-rc7 (including) | 5.12-rc7 (including) |