5.5

CVE-2023-52901

usb: xhci: Check endpoint is valid before dereferencing it

In the Linux kernel, the following vulnerability has been resolved:

usb: xhci: Check endpoint is valid before dereferencing it

When the host controller is not responding, all URBs queued to all
endpoints need to be killed. This can cause a kernel panic if we
dereference an invalid endpoint.

Fix this by using xhci_get_virt_ep() helper to find the endpoint and
checking if the endpoint is valid before dereferencing it.

[233311.853271] xhci-hcd xhci-hcd.1.auto: xHCI host controller not responding, assume dead
[233311.853393] Unable to handle kernel NULL pointer dereference at virtual address 00000000000000e8

[233311.853964] pc : xhci_hc_died+0x10c/0x270
[233311.853971] lr : xhci_hc_died+0x1ac/0x270

[233311.854077] Call trace:
[233311.854085]  xhci_hc_died+0x10c/0x270
[233311.854093]  xhci_stop_endpoint_command_watchdog+0x100/0x1a4
[233311.854105]  call_timer_fn+0x50/0x2d4
[233311.854112]  expire_timers+0xac/0x2e4
[233311.854118]  run_timer_softirq+0x300/0xabc
[233311.854127]  __do_softirq+0x148/0x528
[233311.854135]  irq_exit+0x194/0x1a8
[233311.854143]  __handle_domain_irq+0x164/0x1d0
[233311.854149]  gic_handle_irq.22273+0x10c/0x188
[233311.854156]  el1_irq+0xfc/0x1a8
[233311.854175]  lpm_cpuidle_enter+0x25c/0x418 [msm_pm]
[233311.854185]  cpuidle_enter_state+0x1f0/0x764
[233311.854194]  do_idle+0x594/0x6ac
[233311.854201]  cpu_startup_entry+0x7c/0x80
[233311.854209]  secondary_start_kernel+0x170/0x198
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 3.15 < 4.14.304
LinuxLinux Kernel Version >= 4.15 < 4.19.271
LinuxLinux Kernel Version >= 4.20 < 5.4.230
LinuxLinux Kernel Version >= 5.5 < 5.10.165
LinuxLinux Kernel Version >= 5.11 < 5.15.90
LinuxLinux Kernel Version >= 5.16 < 6.1.8
LinuxLinux Kernel Version6.2 Updaterc1
LinuxLinux Kernel Version6.2 Updaterc2
LinuxLinux Kernel Version6.2 Updaterc3
LinuxLinux Kernel Version6.2 Updaterc4
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.24% 0.148
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

https://git.kernel.org/stable/c/08864dc14a6803f0377ca77b9740b26db30c020f
Patch
https://git.kernel.org/stable/c/2d2820d5f375563690c96e60676855205abfb7f5
Patch
https://git.kernel.org/stable/c/375be2dd61a072f7b1cac9b17eea59e07b58db3a
Patch
https://git.kernel.org/stable/c/66fc1600855c05c4ba4e997184c91cf298e0405c
Patch
https://git.kernel.org/stable/c/9891e5c73cab3fd9ed532dc50e9799e55e974766
Patch
https://git.kernel.org/stable/c/e8fb5bc76eb86437ab87002d4a36d6da02165654
Patch
https://git.kernel.org/stable/c/f39c813af0b64f44af94e435c07bfa1ddc2575f5
Patch