CVE-2021-38204 Information

Description

drivers/usb/host/max3421-hcd.c in the Linux kernel before 5.13.6 allows physically proximate attackers to cause a denial of service (use-after-free and panic) by removing a MAX-3421 USB device in certain situations.

CVSS Vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Reference

https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.6 https://github.com/torvalds/linux/commit/b5fdf5c6e6bee35837e160c00ac89327bdad031b https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

6.8