Mark Tomlinson

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 5.13.6 **Description** The issue is related to a use-after-free vulnerability in the Linux kernel, specifically in the drivers/usb/host/max3421-hcd.c component. This vulnerability can be exploited by physically proximate attackers to cause a denial of service (use-after-free and panic) by removing a MAX-3421 USB device in certain situations. It could also lead to local escalation of privilege with physical/USB access to the device, with no additional execution privileges needed. User interaction is not needed for exploitation. **Recommendations** For Linux kernel versions prior to 5.13.6, update to version 5.13.6 or later to resolve the issue. As a temporary workaround, consider restricting physical access to the device and avoiding the removal of MAX-3421 USB devices in certain situations to minimize the risk of exploitation.