CVE-2024-36893
usb: typec: tcpm: Check for port partner validity before consuming it
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
In the Linux kernel, the following vulnerability has been resolved: usb: typec: tcpm: Check for port partner validity before consuming it typec_register_partner() does not guarantee partner registration
to always succeed. In the event of failure, port->partner is set
to the error value or NULL. Given that port->partner validity is
not checked, this results in the following crash: Unable to handle kernel NULL pointer dereference at virtual address xx pc : run_state_machine+0x1bc8/0x1c08 lr : run_state_machine+0x1b90/0x1c08
.. Call trace: run_state_machine+0x1bc8/0x1c08 tcpm_state_machine_work+0x94/0xe4 kthread_worker_fn+0x118/0x328 kthread+0x1d0/0x23c ret_from_fork+0x10/0x20 To prevent the crash, check for port->partner validity before
derefencing it in all the call sites.
En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: usb: typec: tcpm: verifique la validez del socio del puerto antes de consumirlo. typec_register_partner() no garantiza que el registro del socio sea siempre exitoso. En caso de error, puerto->socio se establece en el valor de error o NULL. Dado que no se verifica la validez del puerto->partner, esto produce el siguiente bloqueo: No se puede manejar la desreferencia del puntero NULL del kernel en la dirección virtual xx pc: run_state_machine+0x1bc8/0x1c08 lr: run_state_machine+0x1b90/0x1c08 .. Seguimiento de llamadas: run_state_machine+ 0x1bc8/0x1c08 tcpm_state_machine_work+0x94/0xe4 kthread_worker_fn+0x118/0x328 kthread+0x1d0/0x23c ret_from_fork+0x10/0x20 Para evitar el bloqueo, verifique la validez del puerto->partner antes de eliminar la barrera en todos los sitios de llamadas.
In the Linux kernel, the following vulnerability has been resolved: usb: typec: tcpm: Check for port partner validity before consuming it typec_register_partner() does not guarantee partner registration to always succeed. In the event of failure, port->partner is set to the error value or NULL. Given that port->partner validity is not checked, this results in the following crash: Unable to handle kernel NULL pointer dereference at virtual address xx pc : run_state_machine+0x1bc8/0x1c08 lr : run_state_machine+0x1b90/0x1c08 .. Call trace: run_state_machine+0x1bc8/0x1c08 tcpm_state_machine_work+0x94/0xe4 kthread_worker_fn+0x118/0x328 kthread+0x1d0/0x23c ret_from_fork+0x10/0x20 To prevent the crash, check for port->partner validity before derefencing it in all the call sites.
Benedict Schlüter, Supraja Sridhara, Andrin Bertschi, and Shweta Shinde discovered that an untrusted hypervisor could inject malicious #VC interrupts and compromise the security guarantees of AMD SEV-SNP. This flaw is known as WeSee. A local attacker in control of the hypervisor could use this to expose sensitive information or possibly execute arbitrary code in the trusted execution environment. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2024-05-30 CVE Reserved
- 2024-05-30 CVE Published
- 2024-12-19 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-476: NULL Pointer Dereference
CAPEC
References (10)
| URL | Tag | Source |
|---|---|---|
| https://git.kernel.org/stable/c/31220bd89c22a18478f52fcd8069e8e2adb8f4f2 | Vuln. Introduced | |
| https://git.kernel.org/stable/c/9b7cd3fe01f0d03cf5820b351a6be2a6e0a6da6f | Vuln. Introduced | |
| https://git.kernel.org/stable/c/c97cd0b4b54eb42aed7f6c3c295a2d137f6d2416 | Vuln. Introduced | |
| https://git.kernel.org/stable/c/2897b36d2482b84f35e659989d5cb4501fb31ccd | Vuln. Introduced | |
| https://git.kernel.org/stable/c/cbcf107780aecf51aba68488044a416d95060b6d | Vuln. Introduced |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 5.15.132 < 5.15.168 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.15.132 < 5.15.168" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 6.1.53 < 6.1.91 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.1.53 < 6.1.91" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 6.6 < 6.6.31 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.6 < 6.6.31" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 6.6 < 6.8.10 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.6 < 6.8.10" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 6.6 < 6.9 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.6 < 6.9" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 6.4.16 Search vendor "Linux" for product "Linux Kernel" and version "6.4.16" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 6.5.3 Search vendor "Linux" for product "Linux Kernel" and version "6.5.3" | en |
Affected
| ||||||