| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2024053034-CVE-2024-36893-476e@gregkh> Date: Thu, 30 May 2024 17:28:45 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org> Subject: CVE-2024-36893: usb: typec: tcpm: Check for port partner validity before consuming it Description =========== In the Linux kernel, the following vulnerability has been resolved: usb: typec: tcpm: Check for port partner validity before consuming it typec_register_partner() does not guarantee partner registration to always succeed. In the event of failure, port->partner is set to the error value or NULL. Given that port->partner validity is not checked, this results in the following crash: Unable to handle kernel NULL pointer dereference at virtual address xx pc : run_state_machine+0x1bc8/0x1c08 lr : run_state_machine+0x1b90/0x1c08 . Call trace: run_state_machine+0x1bc8/0x1c08 tcpm_state_machine_work+0x94/0xe4 kthread_worker_fn+0x118/0x328 kthread+0x1d0/0x23c ret_from_fork+0x10/0x20 To prevent the crash, check for port->partner validity before derefencing it in all the call sites. The Linux kernel CVE team has assigned CVE-2024-36893 to this issue. Affected and fixed versions =========================== Issue introduced in 6.1.53 with commit 9b7cd3fe01f0 and fixed in 6.1.91 with commit d56d2ca03cc2 Issue introduced in 6.6 with commit c97cd0b4b54e and fixed in 6.6.31 with commit 789326cafbd1 Issue introduced in 6.6 with commit c97cd0b4b54e and fixed in 6.8.10 with commit fc2b655cb6dd Issue introduced in 6.6 with commit c97cd0b4b54e and fixed in 6.9 with commit ae11f04b452b Issue introduced in 5.15.132 with commit 31220bd89c22 Issue introduced in 6.4.16 with commit 2897b36d2482 Issue introduced in 6.5.3 with commit cbcf107780ae Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2024-36893 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/usb/typec/tcpm/tcpm.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/d56d2ca03cc22123fd7626967d096d8661324e57 https://git.kernel.org/stable/c/789326cafbd1f67f424436b6bc8bdb887a364637 https://git.kernel.org/stable/c/fc2b655cb6dd2b381f1f284989721002e39b6b77 https://git.kernel.org/stable/c/ae11f04b452b5205536e1c02d31f8045eba249dd
Powered by blists - more mailing lists