CVE-2024-36893

May 30, 2024, 6:18 p.m.

None
No Score

Description

In the Linux kernel, the following vulnerability has been resolved: usb: typec: tcpm: Check for port partner validity before consuming it typec_register_partner() does not guarantee partner registration to always succeed. In the event of failure, port->partner is set to the error value or NULL. Given that port->partner validity is not checked, this results in the following crash: Unable to handle kernel NULL pointer dereference at virtual address xx pc : run_state_machine+0x1bc8/0x1c08 lr : run_state_machine+0x1b90/0x1c08 .. Call trace: run_state_machine+0x1bc8/0x1c08 tcpm_state_machine_work+0x94/0xe4 kthread_worker_fn+0x118/0x328 kthread+0x1d0/0x23c ret_from_fork+0x10/0x20 To prevent the crash, check for port->partner validity before derefencing it in all the call sites.

Product(s) Impacted

Product Versions
Linux kernel
  • []

Weaknesses

Common security weaknesses mapped to this vulnerability.

References

https://git.kernel.org/stable/c/789326cafbd1f67f424436b6bc8bdb887a364637
https://git.kernel.org/stable/c/ae11f04b452b5205536e1c02d31f8045eba249dd
https://git.kernel.org/stable/c/d56d2ca03cc22123fd7626967d096d8661324e57
https://git.kernel.org/stable/c/fc2b655cb6dd2b381f1f284989721002e39b6b77

Tags

416baaa9-dc9f-4396-8d5f-8c081fb06d67
2024-05-30
CVE-2024-36893

Timeline

Published: May 30, 2024, 4:15 p.m.
Last Modified: May 30, 2024, 6:18 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

416baaa9-dc9f-4396-8d5f-8c081fb06d67

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.