CVE-2023-53049

Source
https://cve.org/CVERecord?id=CVE-2023-53049
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-53049.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2023-53049
Published
2025-05-02T15:55:05.568Z
Modified
2026-04-03T13:14:23.762871702Z
Summary
usb: ucsi: Fix NULL pointer deref in ucsi_connector_change()
Details

In the Linux kernel, the following vulnerability has been resolved:

usb: ucsi: Fix NULL pointer deref in ucsi_connector_change()

When ucsi_init() fails, ucsi->connector is NULL, yet in case of ucsi_acpi we may still get events which cause the ucsi_acpi code to call ucsi_connector_change(), which then derefs the NULL ucsi->connector pointer.

Fix this by not setting ucsi->ntfy inside ucsi_init() until ucsi_init() has succeeded, so that ucsi_connector_change() ignores the events because UCSI_ENABLE_NTFY_CONNECTOR_CHANGE is not set in the ntfy mask.
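
The ordering problem described above, as a simplified user-space C model added here for illustration; it is not the kernel's code. The struct layout, the `model_` functions, the `fail` and `publish_early` switches and the bit value are assumptions made for the example.

```c
#include <stdint.h>
#include <stdlib.h>

/* Stand-in for UCSI_ENABLE_NTFY_CONNECTOR_CHANGE; the bit value is illustrative. */
#define NTFY_CONNECTOR_CHANGE (1u << 0)

struct connector { int events; };

struct ucsi_model {
    struct connector *connector; /* stays NULL when init fails */
    int nconn;
    uint64_t ntfy;               /* mask the event handler consults */
};

/* publish_early = 1 models the pre-fix ordering, 0 the fixed ordering.
 * fail = 1 simulates an error partway through initialisation. */
static int model_init(struct ucsi_model *u, int nconn, int fail, int publish_early)
{
    uint64_t ntfy = NTFY_CONNECTOR_CHANGE; /* built in a local first */

    if (publish_early)
        u->ntfy = ntfy;          /* visible before any connector exists */
    if (fail)
        return -1;
    u->connector = calloc((size_t)nconn, sizeof(*u->connector));
    if (!u->connector)
        return -1;
    u->nconn = nconn;
    u->ntfy = ntfy;              /* fixed ordering: publish only on success */
    return 0;
}

/* Returns 1 = handled, 0 = ignored by the mask, -1 = would touch a NULL array. */
static int model_connector_change(struct ucsi_model *u, int num)
{
    if (!(u->ntfy & NTFY_CONNECTOR_CHANGE))
        return 0;
    if (!u->connector || num < 1 || num > u->nconn)
        return -1;               /* the model reports instead of crashing */
    u->connector[num - 1].events++;
    return 1;
}

int main(void)
{
    struct ucsi_model pre = {0}, post = {0};
    model_init(&pre, 2, 1, 1);   /* failed init, mask published early */
    model_init(&post, 2, 1, 0);  /* failed init, mask never published */
    return !(model_connector_change(&pre, 1) == -1 && model_connector_change(&post, 1) == 0);
}
```

With the mask published only after success, a late event following a failed init is dropped at the mask check and never reaches the connector array.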

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/53xxx/CVE-2023-53049.json",
    "cna_assigner": "Linux"
}

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
bdc62f2bae8fb0e8e99574de5232f0a3c54a27df
Fixed
a6adfe9bbd6ac11e398b54ccd99a0f8eea09f3c0
Fixed
7dd27aed9c456670b3882877ef17a48195f21693
Fixed
1c5abcb13491da8c049f20462189c12c753ba978
Fixed
7ef0423e43f877a328454059d46763043ce3da44
Fixed
f87fb985452ab2083967103ac00bfd68fb182764

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-53049.json"