CVE-2023-52877 - OpenCVE

In the Linux kernel, the following vulnerability has been resolved: usb: typec: tcpm: Fix NULL pointer dereference in tcpm_pd_svdm() It is possible that typec_register_partner() returns ERR_PTR on failure. When port->partner is an error, a NULL pointer dereference may occur as shown below. [91222.095236][ T319] typec port0: failed to register partner (-17) ... [91225.061491][ T319] Unable to handle kernel NULL pointer dereference at virtual address 000000000000039f [91225.274642][ T319] pc : tcpm_pd_data_request+0x310/0x13fc [91225.274646][ T319] lr : tcpm_pd_data_request+0x298/0x13fc [91225.308067][ T319] Call trace: [91225.308070][ T319] tcpm_pd_data_request+0x310/0x13fc [91225.308073][ T319] tcpm_pd_rx_handler+0x100/0x9e8 [91225.355900][ T319] kthread_worker_fn+0x178/0x58c [91225.355902][ T319] kthread+0x150/0x200 [91225.355905][ T319] ret_from_fork+0x10/0x30 Add a check for port->partner to avoid dereferencing a NULL pointer.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Redhat	Enterprise Linux

No data.

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 8
kernel-rt-0:4.18.0-553.8.1.rt7.349.el8_10	cpe:/a:redhat:enterprise_linux:8::nfv	RHSA-2024:4352	2024-07-08T00:00:00Z
kernel-0:4.18.0-553.8.1.el8_10	cpe:/o:redhat:enterprise_linux:8	RHSA-2024:4211	2024-07-02T00:00:00Z

References

Link	Providers
https://git.kernel.org/stable/c/4987daf86c152ff882d51572d154ad12e4ff3a4b
https://git.kernel.org/stable/c/9ee038590d808a95d16adf92818dcd4752273c08
https://git.kernel.org/stable/c/b37a168c0137156042a0ca9626651b5a789e822b
https://git.kernel.org/stable/c/e5f53a68a596e04df3fde3099273435a30b6fdac
https://git.kernel.org/stable/c/e7a802447c491903aa7cb45967aa2a934a4e63fc
https://lore.kernel.org/linux-cve-announce/2024052122-CVE-2023-52877-0826@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2023-52877
https://www.cve.org/CVERecord?id=CVE-2023-52877

History

No history.

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-05-21T15:32:09.946Z

Updated: 2024-08-02T23:11:36.091Z

Reserved: 2024-05-21T15:19:24.264Z

Link: CVE-2023-52877

Vulnrichment

Updated: 2024-08-02T23:11:36.091Z

NVD

Status : Awaiting Analysis

Published: 2024-05-21T16:15:24.377

Modified: 2024-05-21T16:53:56.550

Link: CVE-2023-52877

Redhat

Severity : Low

Publid Date: 2024-05-21T00:00:00Z

Links: CVE-2023-52877 - Bugzilla

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Affected Vendors & Products

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object