CVE-2024-36893

usb: typec: tcpm: Check for port partner validity before consuming it

Severity Score

5.5
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

Track
*SSVC
Descriptions

In the Linux kernel, the following vulnerability has been resolved:

usb: typec: tcpm: Check for port partner validity before consuming it

typec_register_partner() does not guarantee partner registration
to always succeed. In the event of failure, port->partner is set
to the error value or NULL. Given that port->partner validity is
not checked, this results in the following crash:

Unable to handle kernel NULL pointer dereference at virtual address xx
pc : run_state_machine+0x1bc8/0x1c08
lr : run_state_machine+0x1b90/0x1c08
..
Call trace:
run_state_machine+0x1bc8/0x1c08
tcpm_state_machine_work+0x94/0xe4
kthread_worker_fn+0x118/0x328
kthread+0x1d0/0x23c
ret_from_fork+0x10/0x20

To prevent the crash, check for port->partner validity before
dereferencing it in all the call sites.
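
The failure mode described above, as an added example: a userspace C model, not the upstream kernel patch. The names register_partner, set_partner_revision, attach and the pd_revision field are hypothetical stand-ins; the pointer check follows the style of the kernel's IS_ERR_OR_NULL() helper.

```c
/* Userspace model of the bug class; hypothetical names, not the kernel's tcpm code. */
#include <errno.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_ERRNO 4095
/* Same pointer encoding idea as the kernel's ERR_PTR()/IS_ERR_OR_NULL(). */
static void *err_ptr(long err) { return (void *)(intptr_t)err; }
static bool is_err_or_null(const void *p)
{
    return !p || (uintptr_t)p >= (uintptr_t)-MAX_ERRNO;
}

struct partner { int pd_revision; };
struct port { struct partner *partner; };
enum reg_outcome { REG_OK, REG_NULL, REG_ERR };
/* Stand-in for a registration call that can fail with NULL or an error value. */
static struct partner *register_partner(enum reg_outcome o)
{
    static struct partner p;
    if (o == REG_NULL) return NULL;
    if (o == REG_ERR) return err_ptr(-ENOMEM);
    return &p;
}

/* Hardened consumer: validate port->partner before any dereference.
 * The unchecked form, port->partner->pd_revision = rev, faults on both failures. */
static int set_partner_revision(struct port *port, int rev)
{
    if (is_err_or_null(port->partner))
        return -ENODEV;
    port->partner->pd_revision = rev;
    return 0;
}

/* Attach path: store whatever registration returned, then consume it. */
static int attach(struct port *port, enum reg_outcome o, int rev)
{
    port->partner = register_partner(o);
    return set_partner_revision(port, rev);
}

int main(void)
{
    struct port port = { 0 };
    for (int o = REG_OK; o <= REG_ERR; o++)
        printf("outcome %d -> %d\n", o, attach(&port, (enum reg_outcome)o, 3));
}
```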

*Credits: N/A
CVSS Scores
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
* Common Vulnerability Scoring System
SSVC
  • Decision: Track
Exploitation: None
Automatable: No
Tech. Impact: Partial
* Organization's Worst-case Scenario
Timeline
  • 2024-05-30 CVE Reserved
  • 2024-05-30 CVE Published
  • 2024-06-11 EPSS Updated
  • 2024-08-02 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-476: NULL Pointer Dereference
CAPEC
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status
Linux | Linux Kernel | >= 6.1.53 < 6.1.91 | en | Affected
Linux | Linux Kernel | >= 6.6 < 6.6.31 | en | Affected
Linux | Linux Kernel | >= 6.6 < 6.8.10 | en | Affected
Linux | Linux Kernel | >= 6.6 < 6.9 | en | Affected
Linux | Linux Kernel | 5.15.132 | en | Affected
Linux | Linux Kernel | 6.4.16 | en | Affected
Linux | Linux Kernel | 6.5.3 | en | Affected