{"id":"CVE-2021-38204","details":"drivers/usb/host/max3421-hcd.c in the Linux kernel before 5.13.6 allows physically proximate attackers to cause a denial of service (use-after-free and panic) by removing a MAX-3421 USB device in certain situations.","aliases":["A-196448784","ASB-A-196448784"],"modified":"2026-03-15T14:44:21.546792Z","published":"2021-08-08T20:15:07.250Z","related":["SUSE-SU-2021:3177-1","SUSE-SU-2021:3178-1","SUSE-SU-2021:3179-1","SUSE-SU-2021:3192-1","SUSE-SU-2021:3205-1","SUSE-SU-2021:3205-2","SUSE-SU-2021:3206-1","SUSE-SU-2021:3207-1","SUSE-SU-2021:3217-1","SUSE-SU-2021:3876-1","SUSE-SU-2021:3929-1","SUSE-SU-2021:3935-1","SUSE-SU-2021:3969-1","SUSE-SU-2021:3972-1","openSUSE-SU-2021:1271-1","openSUSE-SU-2021:3179-1","openSUSE-SU-2021:3205-1","openSUSE-SU-2021:3876-1"],"references":[{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html"},{"type":"FIX","url":"https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.6"},{"type":"FIX","url":"https://github.com/torvalds/linux/commit/b5fdf5c6e6bee35837e160c00ac89327bdad031b"}],"affected":[{"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-38204.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"fixed":"5.13.6"}]},{"events":[{"introduced":"0"},{"last_affected":"9.0"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}