CVE-2023-52901

Source
https://nvd.nist.gov/vuln/detail/CVE-2023-52901
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-52901.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-52901
Related
Published
2024-08-21T07:15:06Z
Modified
2024-09-13T14:45:48.592662Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

In the Linux kernel, the following vulnerability has been resolved:

usb: xhci: Check endpoint is valid before dereferencing it

When the host controller is not responding, all URBs queued to all endpoints need to be killed. This can cause a kernel panic if we dereference an invalid endpoint.

Fix this by using xhcigetvirt_ep() helper to find the endpoint and checking if the endpoint is valid before dereferencing it.

[233311.853271] xhci-hcd xhci-hcd.1.auto: xHCI host controller not responding, assume dead [233311.853393] Unable to handle kernel NULL pointer dereference at virtual address 00000000000000e8

[233311.853964] pc : xhcihcdied+0x10c/0x270 [233311.853971] lr : xhcihcdied+0x1ac/0x270

[233311.854077] Call trace: [233311.854085] xhcihcdied+0x10c/0x270 [233311.854093] xhcistopendpointcommandwatchdog+0x100/0x1a4 [233311.854105] calltimerfn+0x50/0x2d4 [233311.854112] expiretimers+0xac/0x2e4 [233311.854118] runtimersoftirq+0x300/0xabc [233311.854127] _dosoftirq+0x148/0x528 [233311.854135] irqexit+0x194/0x1a8 [233311.854143] _handledomainirq+0x164/0x1d0 [233311.854149] gichandleirq.22273+0x10c/0x188 [233311.854156] el1irq+0xfc/0x1a8 [233311.854175] lpmcpuidleenter+0x25c/0x418 [msmpm] [233311.854185] cpuidleenterstate+0x1f0/0x764 [233311.854194] doidle+0x594/0x6ac [233311.854201] cpustartupentry+0x7c/0x80 [233311.854209] secondarystartkernel+0x170/0x198

References

Affected packages

Debian:11 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.10.178-1

Affected versions

5.*

5.10.46-4
5.10.46-5
5.10.70-1~bpo10+1
5.10.70-1
5.10.84-1
5.10.92-1~bpo10+1
5.10.92-1
5.10.92-2
5.10.103-1~bpo10+1
5.10.103-1
5.10.106-1
5.10.113-1
5.10.120-1~bpo10+1
5.10.120-1
5.10.127-1
5.10.127-2~bpo10+1
5.10.127-2
5.10.136-1
5.10.140-1
5.10.148-1
5.10.149-1
5.10.149-2
5.10.158-1
5.10.158-2
5.10.162-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
6.1.8-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
6.1.8-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}