CVE-2024-36893
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2024-36893
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-36893.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2024-36893
- Downstream
- Related
- Published
- 2024-05-30T15:28:59.113Z
- Modified
- 2025-11-28T02:35:40.035494Z
- Summary
- usb: typec: tcpm: Check for port partner validity before consuming it
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
usb: typec: tcpm: Check for port partner validity before consuming it
typecregisterpartner() does not guarantee partner registration to always succeed. In the event of failure, port->partner is set to the error value or NULL. Given that port->partner validity is not checked, this results in the following crash:
Unable to handle kernel NULL pointer dereference at virtual address xx pc : runstatemachine+0x1bc8/0x1c08 lr : runstatemachine+0x1b90/0x1c08 .. Call trace: runstatemachine+0x1bc8/0x1c08 tcpmstatemachinework+0x94/0xe4 kthreadworkerfn+0x118/0x328 kthread+0x1d0/0x23c retfrom_fork+0x10/0x20
To prevent the crash, check for port->partner validity before derefencing it in all the call sites.
- Database specific
{ "cna_assigner": "Linux", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/36xxx/CVE-2024-36893.json" }- References
-
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- https://git.kernel.org/stable/c/2a07e6f0ad8a6e504a3912cfe8dc859b7d0740a5
- https://git.kernel.org/stable/c/789326cafbd1f67f424436b6bc8bdb887a364637
- https://git.kernel.org/stable/c/ae11f04b452b5205536e1c02d31f8045eba249dd
- https://git.kernel.org/stable/c/d56d2ca03cc22123fd7626967d096d8661324e57
- https://git.kernel.org/stable/c/fc2b655cb6dd2b381f1f284989721002e39b6b77
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/36xxx/CVE-2024-36893.json
- https://nvd.nist.gov/vuln/detail/CVE-2024-36893
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced31220bd89c22a18478f52fcd8069e8e2adb8f4f2Fixed2a07e6f0ad8a6e504a3912cfe8dc859b7d0740a5
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced9b7cd3fe01f0d03cf5820b351a6be2a6e0a6da6fFixedd56d2ca03cc22123fd7626967d096d8661324e57
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedc97cd0b4b54eb42aed7f6c3c295a2d137f6d2416Fixed789326cafbd1f67f424436b6bc8bdb887a364637Fixedfc2b655cb6dd2b381f1f284989721002e39b6b77Fixedae11f04b452b5205536e1c02d31f8045eba249dd
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affected2897b36d2482b84f35e659989d5cb4501fb31ccdLast affectedcbcf107780aecf51aba68488044a416d95060b6d
Linux / Kernel
Package
- Name
- Kernel