| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025123032-CVE-2023-54299-ec86@gregkh> Date: Tue, 30 Dec 2025 13:23:52 +0100 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2023-54299: usb: typec: bus: verify partner exists in typec_altmode_attention From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: usb: typec: bus: verify partner exists in typec_altmode_attention Some usb hubs will negotiate DisplayPort Alt mode with the device but will then negotiate a data role swap after entering the alt mode. The data role swap causes the device to unregister all alt modes, however the usb hub will still send Attention messages even after failing to reregister the Alt Mode. type_altmode_attention currently does not verify whether or not a device's altmode partner exists, which results in a NULL pointer error when dereferencing the typec_altmode and typec_altmode_ops belonging to the altmode partner. Verify the presence of a device's altmode partner before sending the Attention message to the Alt Mode driver. The Linux kernel CVE team has assigned CVE-2023-54299 to this issue. Affected and fixed versions =========================== Issue introduced in 4.19 with commit 8a37d87d72f0c69f837229c04d2fcd7117ea57e7 and fixed in 5.4.257 with commit 5f71716772b88cbe0e1788f6a38d7871aff2120b Issue introduced in 4.19 with commit 8a37d87d72f0c69f837229c04d2fcd7117ea57e7 and fixed in 5.10.195 with commit 38e1f2ee82bacbbfded8f1c06794a443d038d054 Issue introduced in 4.19 with commit 8a37d87d72f0c69f837229c04d2fcd7117ea57e7 and fixed in 5.15.132 with commit 0ad6bad31da692f8d7acacab07eabe7586239ae0 Issue introduced in 4.19 with commit 8a37d87d72f0c69f837229c04d2fcd7117ea57e7 and fixed in 6.1.53 with commit 0d3b5fe47938e9c451466845304a2bd74e967a80 Issue introduced in 4.19 with commit 8a37d87d72f0c69f837229c04d2fcd7117ea57e7 and fixed in 6.4.16 with commit d49547950bf7f3480d6ca05fe055978e5f0d9e5b Issue introduced in 4.19 with commit 8a37d87d72f0c69f837229c04d2fcd7117ea57e7 and fixed in 6.5.3 with commit 1101867a1711c27d8bbe0e83136bec47f8c1ca2a Issue introduced in 4.19 with commit 8a37d87d72f0c69f837229c04d2fcd7117ea57e7 and fixed in 6.6 with commit f23643306430f86e2f413ee2b986e0773e79da31 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2023-54299 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/usb/typec/bus.c drivers/usb/typec/tcpm/tcpm.c include/linux/usb/typec_altmode.h Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/5f71716772b88cbe0e1788f6a38d7871aff2120b https://git.kernel.org/stable/c/38e1f2ee82bacbbfded8f1c06794a443d038d054 https://git.kernel.org/stable/c/0ad6bad31da692f8d7acacab07eabe7586239ae0 https://git.kernel.org/stable/c/0d3b5fe47938e9c451466845304a2bd74e967a80 https://git.kernel.org/stable/c/d49547950bf7f3480d6ca05fe055978e5f0d9e5b https://git.kernel.org/stable/c/1101867a1711c27d8bbe0e83136bec47f8c1ca2a https://git.kernel.org/stable/c/f23643306430f86e2f413ee2b986e0773e79da31
Powered by blists - more mailing lists