LinuxCVELIST:CVE-2023-52901CVE-2023-52901 usb: xhci: Check endpoint is valid before dereferencing it
EPSS
Percentile
5.1%
In the Linux kernel, the following vulnerability has been resolved:
usb: xhci: Check endpoint is valid before dereferencing it
When the host controller is not responding, all URBs queued to all
endpoints need to be killed. This can cause a kernel panic if we
dereference an invalid endpoint.
Fix this by using xhci_get_virt_ep() helper to find the endpoint and
checking if the endpoint is valid before dereferencing it.
[233311.853271] xhci-hcd xhci-hcd.1.auto: xHCI host controller not responding, assume dead
[233311.853393] Unable to handle kernel NULL pointer dereference at virtual address 00000000000000e8
[233311.853964] pc : xhci_hc_died+0x10c/0x270
[233311.853971] lr : xhci_hc_died+0x1ac/0x270
[233311.854077] Call trace:
[233311.854085] xhci_hc_died+0x10c/0x270
[233311.854093] xhci_stop_endpoint_command_watchdog+0x100/0x1a4
[233311.854105] call_timer_fn+0x50/0x2d4
[233311.854112] expire_timers+0xac/0x2e4
[233311.854118] run_timer_softirq+0x300/0xabc
[233311.854127] __do_softirq+0x148/0x528
[233311.854135] irq_exit+0x194/0x1a8
[233311.854143] __handle_domain_irq+0x164/0x1d0
[233311.854149] gic_handle_irq.22273+0x10c/0x188
[233311.854156] el1_irq+0xfc/0x1a8
[233311.854175] lpm_cpuidle_enter+0x25c/0x418 [msm_pm]
[233311.854185] cpuidle_enter_state+0x1f0/0x764
[233311.854194] do_idle+0x594/0x6ac
[233311.854201] cpu_startup_entry+0x7c/0x80
[233311.854209] secondary_start_kernel+0x170/0x198
CNA Affected
[
{
"product": "Linux",
"vendor": "Linux",
"defaultStatus": "unaffected",
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"programFiles": [
"drivers/usb/host/xhci-ring.c"
],
"versions": [
{
"version": "50e8725e7c42",
"lessThan": "375be2dd61a0",
"status": "affected",
"versionType": "git"
},
{
"version": "50e8725e7c42",
"lessThan": "2d2820d5f375",
"status": "affected",
"versionType": "git"
},
{
"version": "50e8725e7c42",
"lessThan": "9891e5c73cab",
"status": "affected",
"versionType": "git"
},
{
"version": "50e8725e7c42",
"lessThan": "66fc1600855c",
"status": "affected",
"versionType": "git"
},
{
"version": "50e8725e7c42",
"lessThan": "f39c813af0b6",
"status": "affected",
"versionType": "git"
},
{
"version": "50e8725e7c42",
"lessThan": "08864dc14a68",
"status": "affected",
"versionType": "git"
},
{
"version": "50e8725e7c42",
"lessThan": "e8fb5bc76eb8",
"status": "affected",
"versionType": "git"
}
]
},
{
"product": "Linux",
"vendor": "Linux",
"defaultStatus": "affected",
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"programFiles": [
"drivers/usb/host/xhci-ring.c"
],
"versions": [
{
"version": "3.15",
"status": "affected"
},
{
"version": "0",
"lessThan": "3.15",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "4.14.304",
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "4.19.271",
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.4.230",
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.10.165",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.15.90",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.1.8",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.2",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
]
}
]References
git.kernel.org/stable/c/08864dc14a6803f0377ca77b9740b26db30c020f
git.kernel.org/stable/c/2d2820d5f375563690c96e60676855205abfb7f5
git.kernel.org/stable/c/375be2dd61a072f7b1cac9b17eea59e07b58db3a
git.kernel.org/stable/c/66fc1600855c05c4ba4e997184c91cf298e0405c
git.kernel.org/stable/c/9891e5c73cab3fd9ed532dc50e9799e55e974766
git.kernel.org/stable/c/e8fb5bc76eb86437ab87002d4a36d6da02165654
git.kernel.org/stable/c/f39c813af0b64f44af94e435c07bfa1ddc2575f5
Related
