CVE-2021-36146

Name of the Vulnerable Software and Affected Versions: ACRN versions prior to 2.5

Description: The issue is related to a NULL Pointer Dereference for a trb pointer in the devicemodel/hw/pci/xhci.c file. This indicates a problem where the software attempts to access or manipulate a null (non-existent) pointer, which can lead to crashes or potentially allow an attacker to execute arbitrary code.

Recommendations: For versions prior to 2.5, update to version 2.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the devicemodel/hw/pci/xhci.c module to minimize the risk of exploitation.