{"id":"CVE-2021-46904","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet: hso: fix null-ptr-deref during tty device unregistration\n\nMultiple ttys try to claim the same the minor number causing a double\nunregistration of the same device. The first unregistration succeeds\nbut the next one results in a null-ptr-deref.\n\nThe get_free_serial_index() function returns an available minor number\nbut doesn't assign it immediately. The assignment is done by the caller\nlater. But before this assignment, calls to get_free_serial_index()\nwould return the same minor number.\n\nFix this by modifying get_free_serial_index to assign the minor number\nimmediately after one is found to be and rename it to obtain_minor()\nto better reflect what it does. Similary, rename set_serial_by_index()\nto release_minor() and modify it to free up the minor number of the\ngiven hso_serial. Every obtain_minor() should have corresponding\nrelease_minor() call.","modified":"2026-03-13T05:19:19.620844Z","published":"2024-02-26T16:27:45.260Z","related":["SUSE-SU-2024:0856-1","SUSE-SU-2024:0857-1","SUSE-SU-2024:0926-1","SUSE-SU-2024:1643-1","SUSE-SU-2024:1646-1","SUSE-SU-2024:1669-1","SUSE-SU-2024:1870-1"],"references":[{"type":"FIX","url":"https://git.kernel.org/stable/c/92028d7a31e55d53e41cff679156b9432cffcb36"},{"type":"FIX","url":"https://git.kernel.org/stable/c/a462067d7c8e6953a733bf5ade8db947b1bb5449"},{"type":"FIX","url":"https://git.kernel.org/stable/c/caf5ac93b3b5d5fac032fc11fbea680e115421b4"},{"type":"FIX","url":"https://git.kernel.org/stable/c/dc195928d7e4ec7b5cfc6cd10dc4c8d87a7c72ac"},{"type":"FIX","url":"https://git.kernel.org/stable/c/145c89c441d27696961752bf51b323f347601bee"},{"type":"FIX","url":"https://git.kernel.org/stable/c/388d05f70f1ee0cac4a2068fd295072f1a44152a"},{"type":"FIX","url":"https://git.kernel.org/stable/c/4a2933c88399c0ebc738db39bbce3ae89786d723"},{"type":"FIX","url":"https://git.kernel.org/stable/c/8a12f8836145ffe37e9c8733dce18c22fb668b66"}],"affected":[{"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"2.6.27"},{"fixed":"4.4.268"}]},{"events":[{"introduced":"4.5.0"},{"fixed":"4.9.268"}]},{"events":[{"introduced":"4.10.0"},{"fixed":"4.14.232"}]},{"events":[{"introduced":"4.15.0"},{"fixed":"4.19.187"}]},{"events":[{"introduced":"4.20.0"},{"fixed":"5.4.112"}]},{"events":[{"introduced":"5.5.0"},{"fixed":"5.10.30"}]},{"events":[{"introduced":"5.11.0"},{"fixed":"5.11.14"}]}],"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-46904.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}]}