摘要:
In the Linux kernel, the following vulnerability has been resolved:usb: typec: tcpm: Check for port partner validity before consuming ittypec_register_partner() does not guarantee partner registrationto always succeed. In the event of failure, port->partner is setto the error value or NULL. Given that port->partner validity isnot checked, this results in the following crash:Unable to handle kernel NULL pointer dereference at virtual address xx pc : run_state_machine+0x1bc8/0x1c08 lr : run_state_machine+0x1b90/0x1c08.. Call trace: run_state_machine+0x1bc8/0x1c08 tcpm_state_machine_work+0x94/0xe4 kthread_worker_fn+0x118/0x328 kthread+0x1d0/0x23c ret_from_fork+0x10/0x20To prevent the crash, check for port->partner validity beforederefencing it in all the call sites.
安全等级: Low
公告ID: KylinSec-SA-2024-3015
发布日期: 2024年7月4日
关联CVE: CVE-2024-36893
In the Linux kernel, the following vulnerability has been resolved:usb: typec: tcpm: Check for port partner validity before consuming ittypec_register_partner() does not guarantee partner registrationto always succeed. In the event of failure, port->partner is setto the error value or NULL. Given that port->partner validity isnot checked, this results in the following crash:Unable to handle kernel NULL pointer dereference at virtual address xx pc : run_state_machine+0x1bc8/0x1c08 lr : run_state_machine+0x1b90/0x1c08.. Call trace: run_state_machine+0x1bc8/0x1c08 tcpm_state_machine_work+0x94/0xe4 kthread_worker_fn+0x118/0x328 kthread+0x1d0/0x23c ret_from_fork+0x10/0x20To prevent the crash, check for port->partner validity beforederefencing it in all the call sites.
| cve名称 | 产品 | 组件 | 是否受影响 |
|---|---|---|---|
| CVE-2024-36893 | KY3.4-5A | kernel | Unaffected |
| CVE-2024-36893 | KY3.5.2 | kernel | Unaffected |
| CVE-2024-36893 | V6 | kernel | Unaffected |
