cve/published/2024/CVE-2024-46719.mbox - pub/scm/linux/security/vulns - Git at Google

 From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
 From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 To: <linux-cve-announce@vger.kernel.org>
 Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
 Subject: CVE-2024-46719: usb: typec: ucsi: Fix null pointer dereference in trace

 Description
 ===========

 In the Linux kernel, the following vulnerability has been resolved:

 usb: typec: ucsi: Fix null pointer dereference in trace

 ucsi_register_altmode checks IS_ERR for the alt pointer and treats
 NULL as valid. When CONFIG_TYPEC_DP_ALTMODE is not enabled,
 ucsi_register_displayport returns NULL which causes a NULL pointer
 dereference in trace. Rather than return NULL, call
 typec_port_register_altmode to register DisplayPort alternate mode
 as a non-controllable mode when CONFIG_TYPEC_DP_ALTMODE is not enabled.

 The Linux kernel CVE team has assigned CVE-2024-46719 to this issue.


 Affected and fixed versions
 ===========================

 	Fixed in 5.4.284 with commit 8095bf0579ed4906a33f7bec675bfb29b6b16a3b
 	Fixed in 5.10.226 with commit 7e64cabe81c303bdf6fd26b6a09a3289b33bc870
 	Fixed in 5.15.167 with commit 3aa56313b0de06ce1911950b2cc0c269614a87a9
 	Fixed in 6.1.109 with commit b4243c05d7e3db0bdbf9124e6fa59b4ca7c807ae
 	Fixed in 6.6.50 with commit 3b9f2d9301ae67070fe77a0c06758722fd7172b7
 	Fixed in 6.10.9 with commit 99331fe68a8eaa4097143a33fb0c12d5e5e8e830
 	Fixed in 6.11 with commit 99516f76db48e1a9d54cdfed63c1babcee4e71a5

 Please see https://www.kernel.org for a full list of currently supported
 kernel versions by the kernel community.

 Unaffected versions might change over time as fixes are backported to
 older supported kernel versions.  The official CVE entry at
 	https://cve.org/CVERecord/?id=CVE-2024-46719
 will be updated if fixes are backported, please check that for the most
 up to date information about this issue.


 Affected files
 ==============

 The file(s) affected by this issue are:
 	drivers/usb/typec/ucsi/ucsi.h


 Mitigation
 ==========

 The Linux kernel CVE team recommends that you update to the latest
 stable kernel version for this, and many other bugfixes.  Individual
 changes are never tested alone, but rather are part of a larger kernel
 release.  Cherry-picking individual commits is not recommended or
 supported by the Linux kernel community at all.  If however, updating to
 the latest release is impossible, the individual changes to resolve this
 issue can be found at these commits:
 	https://git.kernel.org/stable/c/8095bf0579ed4906a33f7bec675bfb29b6b16a3b
 	https://git.kernel.org/stable/c/7e64cabe81c303bdf6fd26b6a09a3289b33bc870
 	https://git.kernel.org/stable/c/3aa56313b0de06ce1911950b2cc0c269614a87a9
 	https://git.kernel.org/stable/c/b4243c05d7e3db0bdbf9124e6fa59b4ca7c807ae
 	https://git.kernel.org/stable/c/3b9f2d9301ae67070fe77a0c06758722fd7172b7
 	https://git.kernel.org/stable/c/99331fe68a8eaa4097143a33fb0c12d5e5e8e830
 	https://git.kernel.org/stable/c/99516f76db48e1a9d54cdfed63c1babcee4e71a5
	From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
	From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	To: <linux-cve-announce@vger.kernel.org>
	Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
	Subject: CVE-2024-46719: usb: typec: ucsi: Fix null pointer dereference in trace

	Description
	===========

	In the Linux kernel, the following vulnerability has been resolved:

	usb: typec: ucsi: Fix null pointer dereference in trace

	ucsi_register_altmode checks IS_ERR for the alt pointer and treats
	NULL as valid. When CONFIG_TYPEC_DP_ALTMODE is not enabled,
	ucsi_register_displayport returns NULL which causes a NULL pointer
	dereference in trace. Rather than return NULL, call
	typec_port_register_altmode to register DisplayPort alternate mode
	as a non-controllable mode when CONFIG_TYPEC_DP_ALTMODE is not enabled.

	The Linux kernel CVE team has assigned CVE-2024-46719 to this issue.


	Affected and fixed versions
	===========================

	Fixed in 5.4.284 with commit 8095bf0579ed4906a33f7bec675bfb29b6b16a3b
	Fixed in 5.10.226 with commit 7e64cabe81c303bdf6fd26b6a09a3289b33bc870
	Fixed in 5.15.167 with commit 3aa56313b0de06ce1911950b2cc0c269614a87a9
	Fixed in 6.1.109 with commit b4243c05d7e3db0bdbf9124e6fa59b4ca7c807ae
	Fixed in 6.6.50 with commit 3b9f2d9301ae67070fe77a0c06758722fd7172b7
	Fixed in 6.10.9 with commit 99331fe68a8eaa4097143a33fb0c12d5e5e8e830
	Fixed in 6.11 with commit 99516f76db48e1a9d54cdfed63c1babcee4e71a5

	Please see https://www.kernel.org for a full list of currently supported
	kernel versions by the kernel community.

	Unaffected versions might change over time as fixes are backported to
	older supported kernel versions. The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2024-46719
	will be updated if fixes are backported, please check that for the most
	up to date information about this issue.


	Affected files
	==============

	The file(s) affected by this issue are:
	drivers/usb/typec/ucsi/ucsi.h


	Mitigation
	==========

	The Linux kernel CVE team recommends that you update to the latest
	stable kernel version for this, and many other bugfixes. Individual
	changes are never tested alone, but rather are part of a larger kernel
	release. Cherry-picking individual commits is not recommended or
	supported by the Linux kernel community at all. If however, updating to
	the latest release is impossible, the individual changes to resolve this
	issue can be found at these commits:
	https://git.kernel.org/stable/c/8095bf0579ed4906a33f7bec675bfb29b6b16a3b
	https://git.kernel.org/stable/c/7e64cabe81c303bdf6fd26b6a09a3289b33bc870
	https://git.kernel.org/stable/c/3aa56313b0de06ce1911950b2cc0c269614a87a9
	https://git.kernel.org/stable/c/b4243c05d7e3db0bdbf9124e6fa59b4ca7c807ae
	https://git.kernel.org/stable/c/3b9f2d9301ae67070fe77a0c06758722fd7172b7
	https://git.kernel.org/stable/c/99331fe68a8eaa4097143a33fb0c12d5e5e8e830
	https://git.kernel.org/stable/c/99516f76db48e1a9d54cdfed63c1babcee4e71a5