CVE-2021-38204

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 5.13.6

Description The issue is related to a use-after-free vulnerability in the Linux kernel, specifically in the drivers/usb/host/max3421-hcd.c component. This vulnerability can be exploited by physically proximate attackers to cause a denial of service (use-after-free and panic) by removing a MAX-3421 USB device in certain situations. It could also lead to local escalation of privilege with physical/USB access to the device, with no additional execution privileges needed. User interaction is not needed for exploitation.

Recommendations For Linux kernel versions prior to 5.13.6, update to version 5.13.6 or later to resolve the issue. As a temporary workaround, consider restricting physical access to the device and avoiding the removal of MAX-3421 USB devices in certain situations to minimize the risk of exploitation.