CVE-2021-38204
MEDIUMLinux Kernel < 5.13.6 - Use-After-Free in MAX-3421 USB Device Driver
Title source: llmDescription
drivers/usb/host/max3421-hcd.c in the Linux kernel before 5.13.6 allows physically proximate attackers to cause a denial of service (use-after-free and panic) by removing a MAX-3421 USB device in certain situations.
References (3)
Core 3
Core References
Patch, Third Party Advisory x_refsource_misc
https://github.com/torvalds/linux/commit/b5fdf5c6e6bee35837e160c00ac89327bdad031b
Mailing List, Patch, Vendor Advisory x_refsource_misc
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.6
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html
Scores
CVSS v3
6.8
EPSS
0.0033
EPSS Percentile
25.3%
Attack Vector
PHYSICAL
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-416
Status
published
Products (2)
debian/debian_linux
9.0
linux/linux_kernel
< 5.13.6
Published
Aug 08, 2021
Tracked Since
Feb 18, 2026