CVE-2023-52877

usb: typec: tcpm: Fix NULL pointer dereference in tcpm_pd_svdm()

Severity Score

4.4

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved: usb: typec: tcpm: Fix NULL pointer dereference in tcpm_pd_svdm() It is possible that typec_register_partner() returns ERR_PTR on failure.
When port->partner is an error, a NULL pointer dereference may occur as
shown below. [91222.095236][ T319] typec port0: failed to register partner (-17)
...
[91225.061491][ T319] Unable to handle kernel NULL pointer dereference
at virtual address 000000000000039f
[91225.274642][ T319] pc : tcpm_pd_data_request+0x310/0x13fc
[91225.274646][ T319] lr : tcpm_pd_data_request+0x298/0x13fc
[91225.308067][ T319] Call trace:
[91225.308070][ T319] tcpm_pd_data_request+0x310/0x13fc
[91225.308073][ T319] tcpm_pd_rx_handler+0x100/0x9e8
[91225.355900][ T319] kthread_worker_fn+0x178/0x58c
[91225.355902][ T319] kthread+0x150/0x200
[91225.355905][ T319] ret_from_fork+0x10/0x30 Add a check for port->partner to avoid dereferencing a NULL pointer.

En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: usb: typec: tcpm: corrige la desreferencia del puntero NULL en tcpm_pd_svdm(). Es posible que typec_register_partner() devuelva ERR_PTR en caso de fallo. Cuando port->partner es un error, puede ocurrir una desreferencia de puntero NULL como se muestra a continuación. [91222.095236][T319] typec port0: no se pudo registrar el socio (-17)... [91225.061491][T319] No se puede manejar la desreferencia del puntero NULL del kernel en la dirección virtual 000000000000039f [91225.274642][T319] pc: tcpm_pd_data_request+0x310 /0x13fc [91225.274646][ T319] lr: tcpm_pd_data_request+0x298/0x13fc [91225.308067][ T319] Rastreo de llamadas: [91225.308070][ T319] tcpm_pd_data_request+0x310/0x13fc 3][T319] tcpm_pd_rx_handler+0x100/0x9e8 [91225.355900][T319] kthread_worker_fn+0x178/0x58c [91225.355902][ T319] kthread+0x150/0x200 [91225.355905][ T319] ret_from_fork+0x10/0x30 Agregue una verificación de port->partner para evitar desreferenciar un puntero NULL.

In the Linux kernel, the following vulnerability has been resolved: usb: typec: tcpm: Fix NULL pointer dereference in tcpm_pd_svdm() It is possible that typec_register_partner() returns ERR_PTR on failure. When port->partner is an error, a NULL pointer dereference may occur as shown below. [91222.095236][ T319] typec port0: failed to register partner (-17) ... [91225.061491][ T319] Unable to handle kernel NULL pointer dereference at virtual address 000000000000039f [91225.274642][ T319] pc : tcpm_pd_data_request+0x310/0x13fc [91225.274646][ T319] lr : tcpm_pd_data_request+0x298/0x13fc [91225.308067][ T319] Call trace: [91225.308070][ T319] tcpm_pd_data_request+0x310/0x13fc [91225.308073][ T319] tcpm_pd_rx_handler+0x100/0x9e8 [91225.355900][ T319] kthread_worker_fn+0x178/0x58c [91225.355902][ T319] kthread+0x150/0x200 [91225.355905][ T319] ret_from_fork+0x10/0x30 Add a check for port->partner to avoid dereferencing a NULL pointer.

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

Single

Confidentiality

None

Integrity

None

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-05-21 CVE Reserved
2024-05-21 CVE Published
2024-12-19 CVE Updated
2025-03-30 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-476: NULL Pointer Dereference

CAPEC

References (8)

URL	Tag	Source
https://git.kernel.org/stable/c/5e1d4c49fbc86dab6e005d66f066bd53c9479cde	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/e5f53a68a596e04df3fde3099273435a30b6fdac	2023-11-08
https://git.kernel.org/stable/c/e7a802447c491903aa7cb45967aa2a934a4e63fc	2023-11-08
https://git.kernel.org/stable/c/9ee038590d808a95d16adf92818dcd4752273c08	2023-11-08
https://git.kernel.org/stable/c/b37a168c0137156042a0ca9626651b5a789e822b	2023-11-08
https://git.kernel.org/stable/c/4987daf86c152ff882d51572d154ad12e4ff3a4b	2023-10-27

URL	Date	SRC
https://access.redhat.com/security/cve/CVE-2023-52877	2024-07-08
https://bugzilla.redhat.com/show_bug.cgi?id=2282712	2024-07-08

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.12 < 5.15.138 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.12 < 5.15.138"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.12 < 6.1.62 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.12 < 6.1.62"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.12 < 6.5.11 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.12 < 6.5.11"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.12 < 6.6.1 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.12 < 6.6.1"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.12 < 6.7 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.12 < 6.7"		en		Affected