CVE-2023-52901

In the Linux kernel, the following vulnerability has been resolved:

usb: xhci: Check endpoint is valid before dereferencing it

When the host controller is not responding, all URBs queued to all endpoints need to be killed. This can cause a kernel panic if we dereference an invalid endpoint.

Fix this by using xhcigetvirt_ep() helper to find the endpoint and checking if the endpoint is valid before dereferencing it.

[233311.853271] xhci-hcd xhci-hcd.1.auto: xHCI host controller not responding, assume dead [233311.853393] Unable to handle kernel NULL pointer dereference at virtual address 00000000000000e8

[233311.853964] pc : xhcihcdied+0x10c/0x270 [233311.853971] lr : xhcihcdied+0x1ac/0x270

[233311.854077] Call trace: [233311.854085] xhcihcdied+0x10c/0x270 [233311.854093] xhcistopendpointcommandwatchdog+0x100/0x1a4 [233311.854105] calltimerfn+0x50/0x2d4 [233311.854112] expiretimers+0xac/0x2e4 [233311.854118] runtimer_softirq+0x300/0xabc [233311.854127] __dosoftirq+0x148/0x528 [233311.854135] irqexit+0x194/0x1a8 [233311.854143] _handledomainirq+0x164/0x1d0 [233311.854149] gichandleirq.22273+0x10c/0x188 [233311.854156] el1irq+0xfc/0x1a8 [233311.854175] lpmcpuidleenter+0x25c/0x418 [msmpm] [233311.854185] cpuidleenterstate+0x1f0/0x764 [233311.854194] doidle+0x594/0x6ac [233311.854201] cpustartupentry+0x7c/0x80 [233311.854209] secondarystartkernel+0x170/0x198