CVE-2023-52901

21.08.2024, 07:15

In the Linux kernel, the following vulnerability has been resolved:

usb: xhci: Check endpoint is valid before dereferencing it

When the host controller is not responding, all URBs queued to all
endpoints need to be killed. This can cause a kernel panic if we
dereference an invalid endpoint.

Fix this by using xhci_get_virt_ep() helper to find the endpoint and
checking if the endpoint is valid before dereferencing it.

[233311.853271] xhci-hcd xhci-hcd.1.auto: xHCI host controller not responding, assume dead
[233311.853393] Unable to handle kernel NULL pointer dereference at virtual address 00000000000000e8

[233311.853964] pc : xhci_hc_died+0x10c/0x270
[233311.853971] lr : xhci_hc_died+0x1ac/0x270

[233311.854077] Call trace:
[233311.854085]  xhci_hc_died+0x10c/0x270
[233311.854093]  xhci_stop_endpoint_command_watchdog+0x100/0x1a4
[233311.854105]  call_timer_fn+0x50/0x2d4
[233311.854112]  expire_timers+0xac/0x2e4
[233311.854118]  run_timer_softirq+0x300/0xabc
[233311.854127]  __do_softirq+0x148/0x528
[233311.854135]  irq_exit+0x194/0x1a8
[233311.854143]  __handle_domain_irq+0x164/0x1d0
[233311.854149]  gic_handle_irq.22273+0x10c/0x188
[233311.854156]  el1_irq+0xfc/0x1a8
[233311.854175]  lpm_cpuidle_enter+0x25c/0x418 [msm_pm]
[233311.854185]  cpuidle_enter_state+0x1f0/0x764
[233311.854194]  do_idle+0x594/0x6ac
[233311.854201]  cpu_startup_entry+0x7c/0x80
[233311.854209]  secondary_start_kernel+0x170/0x198

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	5.5 MEDIUM	LOCAL	LOW	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Linux	CNA	---				---
CISA-ADP	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 13%

Vendor	Product	Version
linux	linux_kernel	3.15 ≤ 𝑥 < 4.14.304
linux	linux_kernel	4.15 ≤ 𝑥 < 4.19.271
linux	linux_kernel	4.20 ≤ 𝑥 < 5.4.230
linux	linux_kernel	5.5 ≤ 𝑥 < 5.10.165
linux	linux_kernel	5.11 ≤ 𝑥 < 5.15.90
linux	linux_kernel	5.16 ≤ 𝑥 < 6.1.8
linux	linux_kernel	6.2:rc1
linux	linux_kernel	6.2:rc2
linux	linux_kernel	6.2:rc3
linux	linux_kernel	6.2:rc4

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

linux

bullseye	5.10.223-1 fixed
bullseye (security)	5.10.226-1 fixed
bookworm	6.1.115-1 fixed
bookworm (security)	6.1.119-1 fixed
sid	6.12.6-1 fixed
trixie	6.12.6-1 fixed

Ubuntu Releases

Ubuntu Product

Codename

linux

oracular	not-affected
noble	not-affected
jammy	Fixed 5.15.0-70.77 released
focal	Fixed 5.4.0-147.164 released
bionic	Fixed 4.15.0-209.220 released
xenial	ignored
trusty	not-affected

linux-allwinner-5.19

oracular	dne
noble	dne
jammy	ignored
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-aws

oracular	not-affected
noble	not-affected
jammy	Fixed 5.15.0-1034.38 released
focal	Fixed 5.4.0-1100.108 released
bionic	Fixed 4.15.0-1154.167 released
xenial	ignored
trusty	ignored

linux-aws-5.0

oracular	dne
noble	dne
jammy	dne
focal	dne
bionic	ignored
xenial	dne
trusty	dne

linux-aws-5.11

oracular	dne
noble	dne
jammy	dne
focal	ignored
bionic	dne
xenial	dne
trusty	dne

linux-aws-5.13

oracular	dne
noble	dne
jammy	dne
focal	ignored
bionic	dne
xenial	dne
trusty	dne

linux-aws-5.15

oracular	dne
noble	dne
jammy	dne
focal	Fixed 5.15.0-1034.38~20.04.1 released
bionic	dne
xenial	dne
trusty	dne

linux-aws-5.19

oracular	dne
noble	dne
jammy	ignored
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-aws-5.3

oracular	dne
noble	dne
jammy	dne
focal	dne
bionic	ignored
xenial	dne
trusty	dne

linux-aws-5.4

oracular	dne
noble	dne
jammy	dne
focal	dne
bionic	Fixed 5.4.0-1100.108~18.04.1 released
xenial	dne
trusty	dne

linux-aws-5.8

oracular	dne
noble	dne
jammy	dne
focal	ignored
bionic	dne
xenial	dne
trusty	dne

linux-aws-6.2

oracular	dne
noble	dne
jammy	ignored
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-aws-6.5

oracular	dne
noble	dne
jammy	ignored
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-aws-6.8

oracular	dne
noble	dne
jammy	not-affected
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-aws-fips

oracular	dne
noble	dne
jammy	dne
focal	dne
bionic	dne
xenial	ignored
trusty	dne

linux-aws-hwe

oracular	dne
noble	dne
jammy	dne
focal	dne
bionic	dne
xenial	Fixed 4.15.0-1154.167~16.04.1 released
trusty	dne

linux-azure

oracular	not-affected
noble	not-affected
jammy	Fixed 5.15.0-1036.43 released
focal	Fixed 5.4.0-1106.112 released
bionic	ignored
xenial	Fixed 4.15.0-1163.178~16.04.1 released
trusty	Fixed 4.15.0-1163.178~14.04.1 released

linux-azure-4.15

oracular	dne
noble	dne
jammy	dne
focal	dne
bionic	Fixed 4.15.0-1163.178 released
xenial	dne
trusty	dne

linux-azure-5.11

oracular	dne
noble	dne
jammy	dne
focal	ignored
bionic	dne
xenial	dne
trusty	dne

linux-azure-5.13

oracular	dne
noble	dne
jammy	dne
focal	ignored
bionic	dne
xenial	dne
trusty	dne

linux-azure-5.15

oracular	dne
noble	dne
jammy	dne
focal	Fixed 5.15.0-1036.43~20.04.1 released
bionic	dne
xenial	dne
trusty	dne

linux-azure-5.19

oracular	dne
noble	dne
jammy	ignored
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-azure-5.3

oracular	dne
noble	dne
jammy	dne
focal	dne
bionic	ignored
xenial	dne
trusty	dne

linux-azure-5.4

oracular	dne
noble	dne
jammy	dne
focal	dne
bionic	Fixed 5.4.0-1106.112~18.04.1 released
xenial	dne
trusty	dne

linux-azure-5.8

oracular	dne
noble	dne
jammy	dne
focal	ignored
bionic	dne
xenial	dne
trusty	dne

linux-azure-6.2

oracular	dne
noble	dne
jammy	ignored
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-azure-6.5

oracular	dne
noble	dne
jammy	ignored
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-azure-6.8

oracular	dne
noble	dne
jammy	not-affected
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-azure-edge

oracular	dne
noble	dne
jammy	dne
focal	dne
bionic	ignored
xenial	dne
trusty	dne

linux-azure-fde

oracular	dne
noble	dne
jammy	Fixed 5.15.0-1036.43.1 released
focal	ignored
bionic	dne
xenial	dne
trusty	dne

linux-azure-fde-5.15

oracular	dne
noble	dne
jammy	dne
focal	Fixed 5.15.0-1036.43~20.04.1.1 released
bionic	dne
xenial	dne
trusty	dne

linux-azure-fde-5.19

oracular	dne
noble	dne
jammy	ignored
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-azure-fde-6.2

oracular	dne
noble	dne
jammy	ignored
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-azure-fips

oracular	dne
noble	dne
jammy	dne
focal	dne
bionic	dne
xenial	ignored
trusty	dne

linux-bluefield

oracular	dne
noble	dne
jammy	dne
focal	Fixed 5.4.0-1062.68 released
bionic	dne
xenial	dne
trusty	dne

linux-fips

oracular	dne
noble	dne
jammy	dne
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-gcp

oracular	not-affected
noble	not-affected
jammy	Fixed 5.15.0-1032.40 released
focal	Fixed 5.4.0-1103.112 released
bionic	ignored
xenial	Fixed 4.15.0-1148.164~16.04.1 released
trusty	dne

linux-gcp-4.15

oracular	dne
noble	dne
jammy	dne
focal	dne
bionic	Fixed 4.15.0-1148.164 released
xenial	dne
trusty	dne

linux-gcp-5.11

oracular	dne
noble	dne
jammy	dne
focal	ignored
bionic	dne
xenial	dne
trusty	dne

linux-gcp-5.13

oracular	dne
noble	dne
jammy	dne
focal	ignored
bionic	dne
xenial	dne
trusty	dne

linux-gcp-5.15

oracular	dne
noble	dne
jammy	dne
focal	Fixed 5.15.0-1032.40~20.04.1 released
bionic	dne
xenial	dne
trusty	dne

linux-gcp-5.19

oracular	dne
noble	dne
jammy	ignored
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-gcp-5.3

oracular	dne
noble	dne
jammy	dne
focal	dne
bionic	ignored
xenial	dne
trusty	dne

linux-gcp-5.4

oracular	dne
noble	dne
jammy	dne
focal	dne
bionic	Fixed 5.4.0-1103.112~18.04.1 released
xenial	dne
trusty	dne

linux-gcp-5.8

oracular	dne
noble	dne
jammy	dne
focal	ignored
bionic	dne
xenial	dne
trusty	dne

linux-gcp-6.2

oracular	dne
noble	dne
jammy	ignored
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-gcp-6.5

oracular	dne
noble	dne
jammy	ignored
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-gcp-6.8

oracular	dne
noble	dne
jammy	not-affected
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-gcp-fips

oracular	dne
noble	dne
jammy	dne
focal	dne
bionic	dne
xenial	ignored
trusty	dne

linux-gke

oracular	dne
noble	not-affected
jammy	Fixed 5.15.0-1031.36 released
focal	ignored
bionic	dne
xenial	ignored
trusty	dne

linux-gke-4.15

oracular	dne
noble	dne
jammy	dne
focal	dne
bionic	ignored
xenial	dne
trusty	dne

linux-gke-5.15

oracular	dne
noble	dne
jammy	dne
focal	ignored
bionic	dne
xenial	dne
trusty	dne

linux-gke-5.4

oracular	dne
noble	dne
jammy	dne
focal	dne
bionic	ignored
xenial	dne
trusty	dne

linux-gkeop

oracular	dne
noble	not-affected
jammy	Fixed 5.15.0-1018.23 released
focal	Fixed 5.4.0-1067.71 released
bionic	dne
xenial	dne
trusty	dne

linux-gkeop-5.15

oracular	dne
noble	dne
jammy	dne
focal	Fixed 5.15.0-1018.23~20.04.1 released
bionic	dne
xenial	dne
trusty	dne

linux-gkeop-5.4

oracular	dne
noble	dne
jammy	dne
focal	dne
bionic	ignored
xenial	dne
trusty	dne

linux-hwe

oracular	dne
noble	dne
jammy	dne
focal	dne
bionic	ignored
xenial	Fixed 4.15.0-209.220~16.04.1 released
trusty	dne

linux-hwe-5.11

oracular	dne
noble	dne
jammy	dne
focal	ignored
bionic	dne
xenial	dne
trusty	dne

linux-hwe-5.13

oracular	dne
noble	dne
jammy	dne
focal	ignored
bionic	dne
xenial	dne
trusty	dne

linux-hwe-5.15

oracular	dne
noble	dne
jammy	dne
focal	Fixed 5.15.0-70.77~20.04.1 released
bionic	dne
xenial	dne
trusty	dne

linux-hwe-5.19

oracular	dne
noble	dne
jammy	ignored
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-hwe-5.4

oracular	dne
noble	dne
jammy	dne
focal	dne
bionic	Fixed 5.4.0-147.164~18.04.1 released
xenial	dne
trusty	dne

linux-hwe-5.8

oracular	dne
noble	dne
jammy	dne
focal	ignored
bionic	dne
xenial	dne
trusty	dne

linux-hwe-6.2

oracular	dne
noble	dne
jammy	ignored
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-hwe-6.5

oracular	dne
noble	dne
jammy	ignored
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-hwe-6.8

oracular	dne
noble	dne
jammy	not-affected
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-hwe-edge

oracular	dne
noble	dne
jammy	dne
focal	dne
bionic	ignored
xenial	ignored
trusty	dne

linux-ibm

oracular	dne
noble	not-affected
jammy	Fixed 5.15.0-1028.31 released
focal	Fixed 5.4.0-1047.52 released
bionic	dne
xenial	dne
trusty	dne

linux-ibm-5.15

oracular	dne
noble	dne
jammy	dne
focal	not-affected
bionic	dne
xenial	dne
trusty	dne

linux-ibm-5.4

oracular	dne
noble	dne
jammy	dne
focal	dne
bionic	Fixed 5.4.0-1047.52~18.04.1 released
xenial	dne
trusty	dne

linux-intel

oracular	dne
noble	not-affected
jammy	dne
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-intel-5.13

oracular	dne
noble	dne
jammy	dne
focal	ignored
bionic	dne
xenial	dne
trusty	dne

linux-intel-iot-realtime

oracular	dne
noble	dne
jammy	dne
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-intel-iotg

oracular	dne
noble	dne
jammy	Fixed 5.15.0-1028.33 released
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-intel-iotg-5.15

oracular	dne
noble	dne
jammy	dne
focal	Fixed 5.15.0-1030.35~20.04.1 released
bionic	dne
xenial	dne
trusty	dne

linux-iot

oracular	dne
noble	dne
jammy	dne
focal	Fixed 5.4.0-1017.18 released
bionic	dne
xenial	dne
trusty	dne

linux-kvm

oracular	dne
noble	dne
jammy	Fixed 5.15.0-1031.36 released
focal	Fixed 5.4.0-1089.95 released
bionic	Fixed 4.15.0-1138.143 released
xenial	ignored
trusty	dne

linux-lowlatency

oracular	not-affected
noble	not-affected
jammy	Fixed 5.15.0-70.77 released
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-lowlatency-hwe-5.15

oracular	dne
noble	dne
jammy	dne
focal	Fixed 5.15.0-70.77~20.04.1 released
bionic	dne
xenial	dne
trusty	dne

linux-lowlatency-hwe-5.19

oracular	dne
noble	dne
jammy	ignored
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-lowlatency-hwe-6.2

oracular	dne
noble	dne
jammy	ignored
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-lowlatency-hwe-6.5

oracular	dne
noble	dne
jammy	ignored
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-lowlatency-hwe-6.8

oracular	dne
noble	dne
jammy	not-affected
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-lts-xenial

oracular	dne
noble	dne
jammy	dne
focal	dne
bionic	dne
xenial	dne
trusty	ignored

linux-nvidia

oracular	dne
noble	not-affected
jammy	Fixed 5.15.0-1023.23 released
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-nvidia-6.2

oracular	dne
noble	dne
jammy	ignored
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-nvidia-6.5

oracular	dne
noble	dne
jammy	not-affected
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-nvidia-6.8

oracular	dne
noble	dne
jammy	not-affected
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-nvidia-lowlatency

oracular	dne
noble	not-affected
jammy	dne
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-oem

oracular	dne
noble	dne
jammy	dne
focal	dne
bionic	ignored
xenial	ignored
trusty	dne

linux-oem-5.10

oracular	dne
noble	dne
jammy	dne
focal	ignored
bionic	dne
xenial	dne
trusty	dne

linux-oem-5.13

oracular	dne
noble	dne
jammy	dne
focal	ignored
bionic	dne
xenial	dne
trusty	dne

linux-oem-5.14

oracular	dne
noble	dne
jammy	dne
focal	ignored
bionic	dne
xenial	dne
trusty	dne

linux-oem-5.17

oracular	dne
noble	dne
jammy	ignored
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-oem-5.6

oracular	dne
noble	dne
jammy	dne
focal	ignored
bionic	dne
xenial	dne
trusty	dne

linux-oem-6.0

oracular	dne
noble	dne
jammy	ignored
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-oem-6.1

oracular	dne
noble	dne
jammy	ignored
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-oem-6.11

oracular	dne
noble	not-affected
jammy	dne
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-oem-6.5

oracular	dne
noble	dne
jammy	ignored
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-oem-6.8

oracular	dne
noble	not-affected
jammy	dne
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-oracle

oracular	not-affected
noble	not-affected
jammy	Fixed 5.15.0-1033.39 released
focal	Fixed 5.4.0-1099.108 released
bionic	Fixed 4.15.0-1117.128 released
xenial	Fixed 4.15.0-1117.128~16.04.1 released
trusty	dne

linux-oracle-5.0

oracular	dne
noble	dne
jammy	dne
focal	dne
bionic	ignored
xenial	dne
trusty	dne

linux-oracle-5.11

oracular	dne
noble	dne
jammy	dne
focal	ignored
bionic	dne
xenial	dne
trusty	dne

linux-oracle-5.13

oracular	dne
noble	dne
jammy	dne
focal	ignored
bionic	dne
xenial	dne
trusty	dne

linux-oracle-5.15

oracular	dne
noble	dne
jammy	dne
focal	Fixed 5.15.0-1033.39~20.04.1 released
bionic	dne
xenial	dne
trusty	dne

linux-oracle-5.3

oracular	dne
noble	dne
jammy	dne
focal	dne
bionic	ignored
xenial	dne
trusty	dne

linux-oracle-5.4

oracular	dne
noble	dne
jammy	dne
focal	dne
bionic	Fixed 5.4.0-1099.108~18.04.1 released
xenial	dne
trusty	dne

linux-oracle-5.8

oracular	dne
noble	dne
jammy	dne
focal	ignored
bionic	dne
xenial	dne
trusty	dne

linux-oracle-6.5

oracular	dne
noble	dne
jammy	ignored
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-oracle-6.8

oracular	dne
noble	dne
jammy	not-affected
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-raspi

oracular	not-affected
noble	not-affected
jammy	Fixed 5.15.0-1027.29 released
focal	Fixed 5.4.0-1083.94 released
bionic	dne
xenial	dne
trusty	dne

linux-raspi-5.4

oracular	dne
noble	dne
jammy	dne
focal	dne
bionic	Fixed 5.4.0-1083.94~18.04.1 released
xenial	dne
trusty	dne

linux-raspi-realtime

oracular	dne
noble	dne
jammy	dne
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-raspi2

oracular	dne
noble	dne
jammy	dne
focal	ignored
bionic	ignored
xenial	ignored
trusty	dne

linux-realtime

oracular	not-affected
noble	dne
jammy	ignored
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-riscv

oracular	not-affected
noble	not-affected
jammy	ignored
focal	ignored
bionic	dne
xenial	dne
trusty	dne

linux-riscv-5.11

oracular	dne
noble	dne
jammy	dne
focal	ignored
bionic	dne
xenial	dne
trusty	dne

linux-riscv-5.15

oracular	dne
noble	dne
jammy	dne
focal	Fixed 5.15.0-1031.35~20.04.1 released
bionic	dne
xenial	dne
trusty	dne

linux-riscv-5.19

oracular	dne
noble	dne
jammy	ignored
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-riscv-5.8

oracular	dne
noble	dne
jammy	dne
focal	ignored
bionic	dne
xenial	dne
trusty	dne

linux-riscv-6.5

oracular	dne
noble	dne
jammy	ignored
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-riscv-6.8

oracular	dne
noble	dne
jammy	not-affected
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-starfive-5.19

oracular	dne
noble	dne
jammy	ignored
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-starfive-6.2

oracular	dne
noble	dne
jammy	ignored
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-starfive-6.5

oracular	dne
noble	dne
jammy	ignored
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-xilinx-zynqmp

oracular	dne
noble	dne
jammy	not-affected
focal	Fixed 5.4.0-1024.28 released
bionic	dne
xenial	dne
trusty	dne

Common Weakness Enumeration

CWE-476 - NULL Pointer Dereference
A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.

References

https://git.kernel.org/stable/c/08864dc14a6803f0377ca77b9740b26db30c020f

https://git.kernel.org/stable/c/2d2820d5f375563690c96e60676855205abfb7f5

https://git.kernel.org/stable/c/375be2dd61a072f7b1cac9b17eea59e07b58db3a

https://git.kernel.org/stable/c/66fc1600855c05c4ba4e997184c91cf298e0405c

https://git.kernel.org/stable/c/9891e5c73cab3fd9ed532dc50e9799e55e974766

https://git.kernel.org/stable/c/e8fb5bc76eb86437ab87002d4a36d6da02165654

https://git.kernel.org/stable/c/f39c813af0b64f44af94e435c07bfa1ddc2575f5