CVE-2023-52901

Severity: MEDIUM · CVSS 3.1: 5.5 · EPSS 15.0%
Published Aug 21, 2024 · Last Modified Jun 17, 2026

Description

In the Linux kernel, the following vulnerability has been resolved:

usb: xhci: Check endpoint is valid before dereferencing it

When the host controller is not responding, all URBs queued to all endpoints need to be killed. This can cause a kernel panic if we dereference an invalid endpoint.

Fix this by using xhci_get_virt_ep() helper to find the endpoint and checking if the endpoint is valid before dereferencing it.

[233311.853271] xhci-hcd xhci-hcd.1.auto: xHCI host controller not responding, assume dead
[233311.853393] Unable to handle kernel NULL pointer dereference at virtual address 00000000000000e8
[233311.853964] pc : xhci_hc_died+0x10c/0x270
[233311.853971] lr : xhci_hc_died+0x1ac/0x270
[233311.854077] Call trace:
[233311.854085] xhci_hc_died+0x10c/0x270
[233311.854093] xhci_stop_endpoint_command_watchdog+0x100/0x1a4
[233311.854105] call_timer_fn+0x50/0x2d4
[233311.854112] expire_timers+0xac/0x2e4
[233311.854118] run_timer_softirq+0x300/0xabc
[233311.854127] __do_softirq+0x148/0x528
[233311.854135] irq_exit+0x194/0x1a8
[233311.854143] __handle_domain_irq+0x164/0x1d0
[233311.854149] gic_handle_irq.22273+0x10c/0x188
[233311.854156] el1_irq+0xfc/0x1a8
[233311.854175] lpm_cpuidle_enter+0x25c/0x418 [msm_pm]
[233311.854185] cpuidle_enter_state+0x1f0/0x764
[233311.854194] do_idle+0x594/0x6ac
[233311.854201] cpu_startup_entry+0x7c/0x80
[233311.854209] secondary_start_kernel+0x170/0x198
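The guarded-lookup pattern the description refers to, as an added user-space model (not the kernel's code and not taken from the patch): the lookup helper returns NULL for an unpopulated slot or out-of-range index, and the caller skips that endpoint instead of dereferencing it. All struct names, MAX_SLOTS and the sample data are assumptions made for illustration; only xhci_get_virt_ep() is named on the page.

```c
#include <stddef.h>

#define MAX_SLOTS   4   /* constructed; the real limit comes from the controller */
#define EPS_PER_DEV 31  /* assumed number of endpoint contexts per device slot */

struct virt_ep  { int queued_urbs; };
struct virt_dev { struct virt_ep eps[EPS_PER_DEV]; };
struct hcd      { struct virt_dev *devs[MAX_SLOTS + 1]; };  /* slot 0 is unused */

/* Validated lookup in the spirit of xhci_get_virt_ep(): NULL on any bad input. */
static struct virt_ep *get_virt_ep(struct hcd *h, unsigned slot_id, unsigned ep_index)
{
    if (slot_id == 0 || slot_id > MAX_SLOTS) return NULL;
    if (ep_index >= EPS_PER_DEV) return NULL;
    if (!h->devs[slot_id]) return NULL;          /* slot never populated or already freed */
    return &h->devs[slot_id]->eps[ep_index];
}

/* Kill the URBs on one endpoint: returns the count, or -1 if the endpoint is invalid. */
static int kill_endpoint_urbs(struct hcd *h, unsigned slot_id, unsigned ep_index)
{
    struct virt_ep *ep = get_virt_ep(h, slot_id, ep_index);
    int n;

    if (!ep) return -1;                          /* the check: skip, do not dereference */
    n = ep->queued_urbs;
    ep->queued_urbs = 0;
    return n;
}

/* "Host controller died" path: visit every slot and endpoint, valid or not. */
static int hc_died(struct hcd *h)
{
    int total = 0;
    for (unsigned s = 0; s <= MAX_SLOTS; s++)
        for (unsigned e = 0; e < EPS_PER_DEV; e++) {
            int n = kill_endpoint_urbs(h, s, e);
            if (n > 0) total += n;
        }
    return total;
}

/* Constructed sample: only slot 2 is populated, with 3 + 2 queued URBs. */
static int demo(void)
{
    static struct virt_dev dev2;
    struct hcd h = {0};
    dev2.eps[1].queued_urbs = 3;
    dev2.eps[4].queued_urbs = 2;
    h.devs[2] = &dev2;
    return hc_died(&h);
}

int main(void) { return demo() == 5 ? 0 : 1; }
```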

CVSS Details

Base Score
5.5
Exploitability
1.8
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
15.0% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-476: NULL Pointer Dereference (Memory Safety)

Affected Products 10

Vendor   Product        Version   Range
linux    linux_kernel   *         ≥3.15 – <4.14.304
linux    linux_kernel   *         ≥4.15 – <4.19.271
linux    linux_kernel   *         ≥4.20 – <5.4.230
linux    linux_kernel   *         ≥5.5 – <5.10.165
linux    linux_kernel   *         ≥5.11 – <5.15.90
linux    linux_kernel   *         ≥5.16 – <6.1.8
linux    linux_kernel   6.2       any
linux    linux_kernel   6.2       any
linux    linux_kernel   6.2       any
linux    linux_kernel   6.2       any

References 7

  • git.kernel.org https://git.kernel.org/stable/c/08864dc14a6803f0377ca77b9740b26db30c020f
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/2d2820d5f375563690c96e60676855205abfb7f5
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/375be2dd61a072f7b1cac9b17eea59e07b58db3a
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/66fc1600855c05c4ba4e997184c91cf298e0405c
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/9891e5c73cab3fd9ed532dc50e9799e55e974766
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/e8fb5bc76eb86437ab87002d4a36d6da02165654
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/f39c813af0b64f44af94e435c07bfa1ddc2575f5
    Patch

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/08864dc14a6803f0377ca77b9740b26db30c020f
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/2d2820d5f375563690c96e60676855205abfb7f5
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/375be2dd61a072f7b1cac9b17eea59e07b58db3a
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/66fc1600855c05c4ba4e997184c91cf298e0405c
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/9891e5c73cab3fd9ed532dc50e9799e55e974766
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/e8fb5bc76eb86437ab87002d4a36d6da02165654
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/f39c813af0b64f44af94e435c07bfa1ddc2575f5
    Patch