CVE-2021-38204

MEDIUM

Linux Kernel < 5.13.6 - Use-After-Free in MAX-3421 USB Device Driver

Title source: llm
STIX 2.1

Description

drivers/usb/host/max3421-hcd.c in the Linux kernel before 5.13.6 allows physically proximate attackers to cause a denial of service (use-after-free and panic) by removing a MAX-3421 USB device in certain situations.

References (3)

Core 3
Core References
Mailing List, Patch, Vendor Advisory x_refsource_misc
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.6
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html

Scores

CVSS v3 6.8
EPSS 0.0033
EPSS Percentile 25.3%
Attack Vector PHYSICAL
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-416
Status published
Products (2)
debian/debian_linux 9.0
linux/linux_kernel < 5.13.6
Published Aug 08, 2021
Tracked Since Feb 18, 2026