In the Linux kernel, the following vulnerability has been resolved: usb:
chipidea: ci_hdrc_imx: Also search for ‘phys’ phandle When passing ‘phys’
in the devicetree to describe the USB PHY phandle (which is the recommended
way according to Documentation/devicetree/bindings/usb/ci-hdrc-usb2.txt)
the following NULL pointer dereference is observed on i.MX7 and i.MX8MM: [
1.489344] Unable to handle kernel NULL pointer dereference at virtual
address 0000000000000098 [ 1.498170] Mem abort info: [ 1.500966] ESR =
0x96000044 [ 1.504030] EC = 0x25: DABT (current EL), IL = 32 bits [
1.509356] SET = 0, FnV = 0 [ 1.512416] EA = 0, S1PTW = 0 [ 1.515569] FSC =
0x04: level 0 translation fault [ 1.520458] Data abort info: [ 1.523349]
ISV = 0, ISS = 0x00000044 [ 1.527196] CM = 0, WnR = 1 [ 1.530176]
[0000000000000098] user address but active_mm is swapper [ 1.536544]
Internal error: Oops: 96000044 [#1] PREEMPT SMP [ 1.542125] Modules linked
in: [ 1.545190] CPU: 3 PID: 7 Comm: kworker/u8:0 Not tainted 5.14.0-dirty
#3 [ 1.551901] Hardware name: Kontron i.MX8MM N801X S (DT) [ 1.557133]
Workqueue: events_unbound deferred_probe_work_func [ 1.562984] pstate:
80000005 (Nzcv daif -PAN -UAO -TCO BTYPE=–) [ 1.568998] pc :
imx7d_charger_detection+0x3f0/0x510 [ 1.573973] lr :
imx7d_charger_detection+0x22c/0x510 This happens because the charger
functions check for the phy presence inside the imx_usbmisc_data structure
(data->usb_phy), but the chipidea core populates the usb_phy passed via
‘phys’ inside ‘struct ci_hdrc’ (ci->usb_phy) instead. This causes the NULL
pointer dereference inside imx7d_charger_detection(). Fix it by also
searching for ‘phys’ in case ‘fsl,usbphy’ is not found. Tested on a
imx7s-warp board.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 20.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 22.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 23.10 | noarch | linux | < any | UNKNOWN |
ubuntu | 24.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 14.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 16.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 18.04 | noarch | linux-aws | < any | UNKNOWN |
ubuntu | 20.04 | noarch | linux-aws | < any | UNKNOWN |
ubuntu | 22.04 | noarch | linux-aws | < any | UNKNOWN |
git.kernel.org/linus/8253a34bfae3278baca52fc1209b7c29270486ca (5.15-rc5)
git.kernel.org/stable/c/66dd03b10e1c0b2fae006c6e34c18ea8ee033e7b
git.kernel.org/stable/c/8253a34bfae3278baca52fc1209b7c29270486ca
git.kernel.org/stable/c/b3265b88e83b16c7be762fa5fb7e0632bce0002c
launchpad.net/bugs/cve/CVE-2021-47413
nvd.nist.gov/vuln/detail/CVE-2021-47413
security-tracker.debian.org/tracker/CVE-2021-47413
www.cve.org/CVERecord?id=CVE-2021-47413