CVE-2024-27060

Source: https://nvd.nist.gov/vuln/detail/CVE-2024-27060
Import Source: https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-27060.json
JSON Data: https://api.test.osv.dev/v1/vulns/CVE-2024-27060
Published: 2024-05-01T13:00:13Z
Modified: 2025-10-14T14:30:42.401568Z
Summary
thunderbolt: Fix NULL pointer dereference in tb_port_update_credits()
Details

In the Linux kernel, the following vulnerability has been resolved:

thunderbolt: Fix NULL pointer dereference in tb_port_update_credits()

Olliver reported that his system crashes when plugging in a Thunderbolt 1 device:

  BUG: kernel NULL pointer dereference, address: 0000000000000020
  #PF: supervisor read access in kernel mode
  #PF: error_code(0x0000) - not-present page
  PGD 0 P4D 0
  Oops: 0000 [#1] PREEMPT SMP NOPTI
  RIP: 0010:tb_port_do_update_credits+0x1b/0x130 [thunderbolt]
  Call Trace:
   <TASK>
   ? __die+0x23/0x70
   ? page_fault_oops+0x171/0x4e0
   ? exc_page_fault+0x7f/0x180
   ? asm_exc_page_fault+0x26/0x30
   ? tb_port_do_update_credits+0x1b/0x130
   ? tb_switch_update_link_attributes+0x83/0xd0
   tb_switch_add+0x7a2/0xfe0
   tb_scan_port+0x236/0x6f0
   tb_handle_hotplug+0x6db/0x900
   process_one_work+0x171/0x340
   worker_thread+0x27b/0x3a0
   ? __pfx_worker_thread+0x10/0x10
   kthread+0xe5/0x120
   ? __pfx_kthread+0x10/0x10
   ret_from_fork+0x31/0x50
   ? __pfx_kthread+0x10/0x10
   ret_from_fork_asm+0x1b/0x30
   </TASK>

This is due to the fact that some Thunderbolt 1 devices only have one lane adapter. Fix this by checking for the lane 1 before we read its credits.

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events:
  Introduced: 9b6933e9bddc04655a894c74cd5c62202a5e3d89
  Fixed: 440fba897c5ae32d7df1f1d609dbb19e2bba7fbb

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events:
  Introduced: 81af2952e60603d12415e1a6fd200f8073a2ad8b
  Fixed: ce64ba1f6ec3439e4b4d880b4db99673f4507228

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events:
  Introduced: 81af2952e60603d12415e1a6fd200f8073a2ad8b
  Fixed: d3d17e23d1a0d1f959b4fa55b35f1802d9c584fa

Affected versions

v6.*

v6.6
v6.6-rc2
v6.6-rc3
v6.6-rc4
v6.6-rc5
v6.6-rc6
v6.6-rc7
v6.7
v6.7-rc1
v6.7-rc2
v6.7-rc3
v6.7-rc4
v6.7-rc5
v6.7-rc6
v6.7-rc7
v6.7-rc8
v6.7.1
v6.7.10
v6.7.11
v6.7.2
v6.7.3
v6.7.4
v6.7.5
v6.7.6
v6.7.7
v6.7.8
v6.7.9
v6.8-rc1
v6.8-rc2
v6.8-rc3
v6.8-rc4


Linux / Kernel

Package

Name: Kernel

Affected ranges

Type: ECOSYSTEM
Events:
  Introduced: 6.7.0
  Fixed: 6.7.12