Lucene search

K
vulnrichmentLinuxVULNRICHMENT:CVE-2023-52877
HistoryMay 21, 2024 - 3:32 p.m.

CVE-2023-52877 usb: typec: tcpm: Fix NULL pointer dereference in tcpm_pd_svdm()

2024-05-2115:32:09
Linux
github.com
13
linux kernel
usb
typec
tcpm
null pointer dereference

AI Score

6.7

Confidence

Low

EPSS

0

Percentile

15.5%

SSVC

Exploitation

none

Automatable

no

Technical Impact

partial

In the Linux kernel, the following vulnerability has been resolved:

usb: typec: tcpm: Fix NULL pointer dereference in tcpm_pd_svdm()

It is possible that typec_register_partner() returns ERR_PTR on failure.
When port->partner is an error, a NULL pointer dereference may occur as
shown below.

[91222.095236][ T319] typec port0: failed to register partner (-17)

[91225.061491][ T319] Unable to handle kernel NULL pointer dereference
at virtual address 000000000000039f
[91225.274642][ T319] pc : tcpm_pd_data_request+0x310/0x13fc
[91225.274646][ T319] lr : tcpm_pd_data_request+0x298/0x13fc
[91225.308067][ T319] Call trace:
[91225.308070][ T319] tcpm_pd_data_request+0x310/0x13fc
[91225.308073][ T319] tcpm_pd_rx_handler+0x100/0x9e8
[91225.355900][ T319] kthread_worker_fn+0x178/0x58c
[91225.355902][ T319] kthread+0x150/0x200
[91225.355905][ T319] ret_from_fork+0x10/0x30

Add a check for port->partner to avoid dereferencing a NULL pointer.

CNA Affected

[
  {
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "vendor": "Linux",
    "product": "Linux",
    "versions": [
      {
        "status": "affected",
        "version": "5e1d4c49fbc8",
        "lessThan": "e5f53a68a596",
        "versionType": "git"
      },
      {
        "status": "affected",
        "version": "5e1d4c49fbc8",
        "lessThan": "e7a802447c49",
        "versionType": "git"
      },
      {
        "status": "affected",
        "version": "5e1d4c49fbc8",
        "lessThan": "9ee038590d80",
        "versionType": "git"
      },
      {
        "status": "affected",
        "version": "5e1d4c49fbc8",
        "lessThan": "b37a168c0137",
        "versionType": "git"
      },
      {
        "status": "affected",
        "version": "5e1d4c49fbc8",
        "lessThan": "4987daf86c15",
        "versionType": "git"
      }
    ],
    "programFiles": [
      "drivers/usb/typec/tcpm/tcpm.c"
    ],
    "defaultStatus": "unaffected"
  },
  {
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "vendor": "Linux",
    "product": "Linux",
    "versions": [
      {
        "status": "affected",
        "version": "5.12"
      },
      {
        "status": "unaffected",
        "version": "0",
        "lessThan": "5.12",
        "versionType": "custom"
      },
      {
        "status": "unaffected",
        "version": "5.15.138",
        "versionType": "custom",
        "lessThanOrEqual": "5.15.*"
      },
      {
        "status": "unaffected",
        "version": "6.1.62",
        "versionType": "custom",
        "lessThanOrEqual": "6.1.*"
      },
      {
        "status": "unaffected",
        "version": "6.5.11",
        "versionType": "custom",
        "lessThanOrEqual": "6.5.*"
      },
      {
        "status": "unaffected",
        "version": "6.6.1",
        "versionType": "custom",
        "lessThanOrEqual": "6.6.*"
      },
      {
        "status": "unaffected",
        "version": "6.7",
        "versionType": "original_commit_for_fix",
        "lessThanOrEqual": "*"
      }
    ],
    "programFiles": [
      "drivers/usb/typec/tcpm/tcpm.c"
    ],
    "defaultStatus": "affected"
  }
]

AI Score

6.7

Confidence

Low

EPSS

0

Percentile

15.5%

SSVC

Exploitation

none

Automatable

no

Technical Impact

partial