openssh: double-free memory corruption may lead to arbitrary code execution (CVE-2021-28041)
A double-free memory corruption, introduced in OpenSSH 8.2, that could be reached by an attacker with access to the agent socket. Exploitable by a user forwarding an agent either to an account shared with a malicious user or to a host with an attacker holding root access.
Fixed In Version:
openssh 8.5
References:
Patch:
https://github.com/openssh/openssh-portable/commit/e04fd6dde16de1cdc5a4d9946397ff60d96568db