CVE-2024-36893
- Source
- https://cve.org/CVERecord?id=CVE-2024-36893
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-36893.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2024-36893
- Downstream
- Related
- Published
- 2024-05-30T15:28:59.113Z
- Modified
- 2026-05-15T04:08:33.643295544Z
- Summary
- usb: typec: tcpm: Check for port partner validity before consuming it
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
usb: typec: tcpm: Check for port partner validity before consuming it
typecregisterpartner() does not guarantee partner registration to always succeed. In the event of failure, port->partner is set to the error value or NULL. Given that port->partner validity is not checked, this results in the following crash:
Unable to handle kernel NULL pointer dereference at virtual address xx pc : runstatemachine+0x1bc8/0x1c08 lr : runstatemachine+0x1b90/0x1c08 .. Call trace: runstatemachine+0x1bc8/0x1c08 tcpmstatemachinework+0x94/0xe4 kthreadworkerfn+0x118/0x328 kthread+0x1d0/0x23c retfrom_fork+0x10/0x20
To prevent the crash, check for port->partner validity before derefencing it in all the call sites.
- Database specific
{ "cna_assigner": "Linux", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/36xxx/CVE-2024-36893.json" }- References
-
- https://git.kernel.org/stable/c/2a07e6f0ad8a6e504a3912cfe8dc859b7d0740a5
- https://git.kernel.org/stable/c/789326cafbd1f67f424436b6bc8bdb887a364637
- https://git.kernel.org/stable/c/ae11f04b452b5205536e1c02d31f8045eba249dd
- https://git.kernel.org/stable/c/d56d2ca03cc22123fd7626967d096d8661324e57
- https://git.kernel.org/stable/c/fc2b655cb6dd2b381f1f284989721002e39b6b77
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/36xxx/CVE-2024-36893.json
- https://nvd.nist.gov/vuln/detail/CVE-2024-36893
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected packages
Linux / Kernel
Package
- Name
- Kernel