CVE-2024-36893
Published: May 30, 2024
Modified: May 23, 2026
Description
In the Linux kernel, the following vulnerability has been resolved: usb: typec: tcpm: Check for port partner validity before consuming it typec_register_partner() does not guarantee partner registration to always succeed. In the event of failure, port->partner is set to the error value or NULL. Given that port->partner validity is not checked, this results in the following crash: Unable to handle kernel NULL pointer dereference at virtual address xx pc : run_state_machine+0x1bc8/0x1c08 lr : run_state_machine+0x1b90/0x1c08 .. Call trace: run_state_machine+0x1bc8/0x1c08 tcpm_state_machine_work+0x94/0xe4 kthread_worker_fn+0x118/0x328 kthread+0x1d0/0x23c ret_from_fork+0x10/0x20 To prevent the crash, check for port->partner validity before derefencing it in all the call sites.
| Vendor | Product | Versions |
|---|---|---|
Linux | Linux | affected 31220bd89c22a18478f52fcd8069e8e2adb8f4f2 - < 2a07e6f0ad8a6e504a3912cfe8dc859b7d0740a5affected 9b7cd3fe01f0d03cf5820b351a6be2a6e0a6da6f - < d56d2ca03cc22123fd7626967d096d8661324e57affected c97cd0b4b54eb42aed7f6c3c295a2d137f6d2416 - < 789326cafbd1f67f424436b6bc8bdb887a364637affected c97cd0b4b54eb42aed7f6c3c295a2d137f6d2416 - < fc2b655cb6dd2b381f1f284989721002e39b6b77affected c97cd0b4b54eb42aed7f6c3c295a2d137f6d2416 - < ae11f04b452b5205536e1c02d31f8045eba249dd+6 more versions |
Linux | Linux | affected 6.6unaffected 0 - < 6.6unaffected 5.15.168 - <= 5.15.*unaffected 6.1.91 - <= 6.1.*unaffected 6.6.31 - <= 6.6.*+2 more versions |
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now