-

CVE-2023-54186

EPSS 0.05%
Veröffentlicht 30.12.2025 12:08:55
Zuletzt bearbeitet 15.04.2026 00:35:42
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

usb: typec: altmodes/displayport: fix pin_assignment_show

In the Linux kernel, the following vulnerability has been resolved:

usb: typec: altmodes/displayport: fix pin_assignment_show

This patch fixes negative indexing of buf array in pin_assignment_show
when get_current_pin_assignments returns 0 i.e. no compatible pin
assignments are found.

BUG: KASAN: use-after-free in pin_assignment_show+0x26c/0x33c
...
Call trace:
dump_backtrace+0x110/0x204
dump_stack_lvl+0x84/0xbc
print_report+0x358/0x974
kasan_report+0x9c/0xfc
__do_kernel_fault+0xd4/0x2d4
do_bad_area+0x48/0x168
do_tag_check_fault+0x24/0x38
do_mem_abort+0x6c/0x14c
el1_abort+0x44/0x68
el1h_64_sync_handler+0x64/0xa4
el1h_64_sync+0x78/0x7c
pin_assignment_show+0x26c/0x33c
dev_attr_show+0x50/0xc0

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 10

CNA 2 VulnDex Vulnerability Enrichment 8

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version 0e3bb7d6894d9b6e67d6382bb03a46a1dc989588

Version < 0e61a7432fcd4bca06f05b7f1c7d7cb461880fe2

Status affected

Version 0e3bb7d6894d9b6e67d6382bb03a46a1dc989588

Version < 4f9c0a7c272626cb6716ffc7800e8c73260cdce6

Status affected

Version 0e3bb7d6894d9b6e67d6382bb03a46a1dc989588

Version < ff466f77d0a56719979c4234abd412abd98eae8f

Status affected

Version 0e3bb7d6894d9b6e67d6382bb03a46a1dc989588

Version < fc0e18f95c88435bd8a1ceb540243cd7fbcd9781

Status affected

Version 0e3bb7d6894d9b6e67d6382bb03a46a1dc989588

Version < 08bd1be1c716fd50a7df48f82dcbc59a103082b5

Status affected

Version 0e3bb7d6894d9b6e67d6382bb03a46a1dc989588

Version < 54ee23e4ab263a495ace1eed43d3883212ece17f

Status affected

Version 0e3bb7d6894d9b6e67d6382bb03a46a1dc989588

Version < d8f28269dd4bf9b55c3fb376ae31512730a96fce

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 4.19

Status affected

Version 0

Version < 4.19

Status unaffected

Version <= 4.19.*

Version 4.19.284

Status unaffected

Version <= 5.4.*

Version 5.4.244

Status unaffected

Version <= 5.10.*

Version 5.10.181

Status unaffected

Version <= 5.15.*

Version 5.15.113

Status unaffected

Version <= 6.1.*

Version 6.1.30

Status unaffected

Version <= 6.3.*

Version 6.3.4

Status unaffected

Version <= *

Version 6.4

Status unaffected

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.05%	0.144

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://git.kernel.org/stable/c/0e61a7432fcd4bca06f05b7f1c7d7cb461880fe2

https://git.kernel.org/stable/c/4f9c0a7c272626cb6716ffc7800e8c73260cdce6

https://git.kernel.org/stable/c/ff466f77d0a56719979c4234abd412abd98eae8f

https://git.kernel.org/stable/c/fc0e18f95c88435bd8a1ceb540243cd7fbcd9781

https://git.kernel.org/stable/c/08bd1be1c716fd50a7df48f82dcbc59a103082b5

https://git.kernel.org/stable/c/54ee23e4ab263a495ace1eed43d3883212ece17f

https://git.kernel.org/stable/c/d8f28269dd4bf9b55c3fb376ae31512730a96fce

https://nvd.nist.gov/vuln/detail/CVE-2023-54186

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-54186

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-54186

EUVD