CVE-2024-36893
usb: typec: tcpm: Check for port partner validity before consuming it
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
In the Linux kernel, the following vulnerability has been resolved:
usb: typec: tcpm: Check for port partner validity before consuming it
typec_register_partner() does not guarantee partner registration
to always succeed. In the event of failure, port->partner is set
to the error value or NULL. Given that port->partner validity is
not checked, this results in the following crash:
Unable to handle kernel NULL pointer dereference at virtual address xx
pc : run_state_machine+0x1bc8/0x1c08
lr : run_state_machine+0x1b90/0x1c08
..
Call trace:
run_state_machine+0x1bc8/0x1c08
tcpm_state_machine_work+0x94/0xe4
kthread_worker_fn+0x118/0x328
kthread+0x1d0/0x23c
ret_from_fork+0x10/0x20
To prevent the crash, check for port->partner validity before
derefencing it in all the call sites.
En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: usb: typec: tcpm: verifique la validez del socio del puerto antes de consumirlo. typec_register_partner() no garantiza que el registro del socio sea siempre exitoso. En caso de error, puerto->socio se establece en el valor de error o NULL. Dado que no se verifica la validez del puerto->partner, esto produce el siguiente bloqueo: No se puede manejar la desreferencia del puntero NULL del kernel en la dirección virtual xx pc: run_state_machine+0x1bc8/0x1c08 lr: run_state_machine+0x1b90/0x1c08 .. Seguimiento de llamadas: run_state_machine+ 0x1bc8/0x1c08 tcpm_state_machine_work+0x94/0xe4 kthread_worker_fn+0x118/0x328 kthread+0x1d0/0x23c ret_from_fork+0x10/0x20 Para evitar el bloqueo, verifique la validez del puerto->partner antes de eliminar la barrera en todos los sitios de llamadas.
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2024-05-30 CVE Reserved
- 2024-05-30 CVE Published
- 2024-06-11 EPSS Updated
- 2024-12-19 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-476: NULL Pointer Dereference
CAPEC
References (10)
URL | Tag | Source |
---|---|---|
https://git.kernel.org/stable/c/31220bd89c22a18478f52fcd8069e8e2adb8f4f2 | Vuln. Introduced | |
https://git.kernel.org/stable/c/9b7cd3fe01f0d03cf5820b351a6be2a6e0a6da6f | Vuln. Introduced | |
https://git.kernel.org/stable/c/c97cd0b4b54eb42aed7f6c3c295a2d137f6d2416 | Vuln. Introduced | |
https://git.kernel.org/stable/c/2897b36d2482b84f35e659989d5cb4501fb31ccd | Vuln. Introduced | |
https://git.kernel.org/stable/c/cbcf107780aecf51aba68488044a416d95060b6d | Vuln. Introduced |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 5.15.132 < 5.15.168 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.15.132 < 5.15.168" | en |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 6.1.53 < 6.1.91 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.1.53 < 6.1.91" | en |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 6.6 < 6.6.31 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.6 < 6.6.31" | en |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 6.6 < 6.8.10 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.6 < 6.8.10" | en |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 6.6 < 6.9 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.6 < 6.9" | en |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 6.4.16 Search vendor "Linux" for product "Linux Kernel" and version "6.4.16" | en |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 6.5.3 Search vendor "Linux" for product "Linux Kernel" and version "6.5.3" | en |
Affected
|