Description
In the Linux kernel, the following vulnerability has been resolved:

usb: typec: Fix error pointer dereference

The variable tps->partner is checked for an error pointer and then if it
is, it sends an error message but does not return and then immediately
dereferenced a few lines below:

tps->partner = typec_register_partner(tps->port, &desc);
if (IS_ERR(tps->partner))
dev_warn(tps->dev, "%s: failed to register partnet\n", __func__);

if (desc.identity) {
typec_partner_set_identity(tps->partner);
cd321x->cur_partner_identity = st.partner_identity;
}

Add early return and fix spelling mistake in error message.

Detected by Smatch:
drivers/usb/typec/tipd/core.c:827 cd321x_update_work() error:
'tps->partner' dereferencing possible ERR_PTR()
Published: 2026-06-24
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The flaw occurs in the Linux kernel USB Type‑C driver when a partnership registration fails; the code reports the error but continues to use the returned pointer, which may contain an error value. Dereferencing this value can cause the kernel to crash, resulting in a denial‑of‑service condition. The vulnerability does not provide a direct path to code execution. The defect was identified by the Smatch static analyzer and confirmed by a specific commit sequence that fixed the missing early return and corrected a typo in the warning message.

Affected Systems

All Linux kernel builds that include the USB Type‑C driver with a partner registration routine are affected. No specific kernel version range is listed; the issue exists in any release that contains the buggy code before the documented commits. Updating to a kernel version incorporating the fixes from the referenced commits or newer kernels should eliminate the problem.

Risk and Exploitability

Based on the description, it is inferred that an attacker would need to physically interact with a USB Type‑C device to trigger a partner registration failure. The EPSS score (< 1%) and the CVSS score of 5.5 suggest exploitation is unlikely, but could lead to a kernel panic. Because it is not listed in the CISA KEV catalog, no known exploits exist. The risk level is moderate due to the potential for a DoS scenario.

Generated by OpenCVE AI on June 27, 2026 at 02:43 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the Linux kernel to a version that includes the fix for the Type‑C driver – the relevant commits can be found in the kernel source tree. Specifically, apply the changes introduced by commits 19951118fb22b5ad512379ee64510fe0e2c40eb3, 9e31082f92c913d74fefb4e60cd0284e605ba3a3, and f2529d08fcb429ea01bb87c326342f41483f8b2f.
  • If a kernel upgrade is not possible immediately, disable the USB Type‑C driver by configuring CONFIG_USB_TYPEC=n or unloading the associated module to prevent the faulty code from executing.
  • After applying the update or disabling the driver, validate system stability by connecting a USB Type‑C device and monitoring kernel logs for any usb_typec related warnings or errors.

Generated by OpenCVE AI on June 27, 2026 at 02:43 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Sat, 27 Jun 2026 00:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-390
References
Metrics threat_severity

None

cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

threat_severity

Low


Wed, 24 Jun 2026 19:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-476

Wed, 24 Jun 2026 17:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: usb: typec: Fix error pointer dereference The variable tps->partner is checked for an error pointer and then if it is, it sends an error message but does not return and then immediately dereferenced a few lines below: tps->partner = typec_register_partner(tps->port, &desc); if (IS_ERR(tps->partner)) dev_warn(tps->dev, "%s: failed to register partnet\n", __func__); if (desc.identity) { typec_partner_set_identity(tps->partner); cd321x->cur_partner_identity = st.partner_identity; } Add early return and fix spelling mistake in error message. Detected by Smatch: drivers/usb/typec/tipd/core.c:827 cd321x_update_work() error: 'tps->partner' dereferencing possible ERR_PTR()
Title usb: typec: Fix error pointer dereference
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-06-24T16:29:36.615Z

Reserved: 2026-06-09T07:44:35.379Z

Link: CVE-2026-53028

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

Severity : Low

Publid Date: 2026-06-24T00:00:00Z

Links: CVE-2026-53028 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-06-27T02:45:09Z

Weaknesses
  • CWE-390

    Detection of Error Condition Without Action

  • CWE-476

    NULL Pointer Dereference