In the Linux kernel, the following vulnerability has been resolved:
usb: ucsi: Fix NULL pointer deref in ucsiconnectorchange()
When ucsiinit() fails, ucsi->connector is NULL, yet in case of ucsiacpi we may still get events which cause the ucsacpi code to call ucsiconnector_change(), which then derefs the NULL ucsi->connector pointer.
Fix this by not setting ucsi->ntfy inside ucsiinit() until ucsiinit() has succeeded, so that ucsiconnectorchange() ignores the events because UCSIENABLENTFYCONNECTORCHANGE is not set in the ntfy mask.
[ { "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@7ef0423e43f877a328454059d46763043ce3da44", "signature_version": "v1", "target": { "file": "drivers/usb/typec/ucsi/ucsi.c", "function": "ucsi_init" }, "digest": { "length": 1535.0, "function_hash": "238939214762919643842319126022923786313" }, "deprecated": false, "signature_type": "Function", "id": "CVE-2023-53049-0ae07b86" }, { "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@1c5abcb13491da8c049f20462189c12c753ba978", "signature_version": "v1", "target": { "file": "drivers/usb/typec/ucsi/ucsi.c", "function": "ucsi_init" }, "digest": { "length": 1535.0, "function_hash": "238939214762919643842319126022923786313" }, "deprecated": false, "signature_type": "Function", "id": "CVE-2023-53049-1170ab5e" }, { "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@a6adfe9bbd6ac11e398b54ccd99a0f8eea09f3c0", "signature_version": "v1", "target": { "file": "drivers/usb/typec/ucsi/ucsi.c", "function": "ucsi_init" }, "digest": { "length": 1431.0, "function_hash": "65197223899748127750940249717885031371" }, "deprecated": false, "signature_type": "Function", "id": "CVE-2023-53049-11ba65ad" }, { "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@7dd27aed9c456670b3882877ef17a48195f21693", "signature_version": "v1", "target": { "file": "drivers/usb/typec/ucsi/ucsi.c" }, "digest": { "threshold": 0.9, "line_hashes": [ "330928365076617311260279403645396387690", "76223488032310012753640323498685659888", "269198374588439509742128841383658771835", "186965688388007064833813627928572268514", "95675076906037230080488525519276793866", "230647491793076782476712048080801848779", "167144383919293734213458920962333800847", "14717754577675713847408230055397506823", "15071283480867908721838047856294040567", "119597310286332883142097986387258993246", "240769092807128942567766102392340337630", "321773227681050365251648450277259176773", "115746299488791921210610173371110039726", "276709844273750261497451324006045767653", "33499173698117371842020776576779510205", "154150406007904909407645455429149605082", "155760301558543609711323858055726394297" ] }, "deprecated": false, "signature_type": "Line", "id": "CVE-2023-53049-13e0241e" }, { "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@f87fb985452ab2083967103ac00bfd68fb182764", "signature_version": "v1", "target": { "file": "drivers/usb/typec/ucsi/ucsi.c", "function": "ucsi_init" }, "digest": { "length": 1719.0, "function_hash": "122043510189613161424642502469881002450" }, "deprecated": false, "signature_type": "Function", "id": "CVE-2023-53049-5a8f44cc" }, { "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@f87fb985452ab2083967103ac00bfd68fb182764", "signature_version": "v1", "target": { "file": "drivers/usb/typec/ucsi/ucsi.c" }, "digest": { "threshold": 0.9, "line_hashes": [ "330928365076617311260279403645396387690", "76223488032310012753640323498685659888", "269198374588439509742128841383658771835", "186965688388007064833813627928572268514", "95675076906037230080488525519276793866", "230647491793076782476712048080801848779", "167144383919293734213458920962333800847", "14717754577675713847408230055397506823", "15071283480867908721838047856294040567", "119597310286332883142097986387258993246", "240769092807128942567766102392340337630", "321773227681050365251648450277259176773", "115746299488791921210610173371110039726", "276709844273750261497451324006045767653", "33499173698117371842020776576779510205", "154150406007904909407645455429149605082", "155760301558543609711323858055726394297" ] }, "deprecated": false, "signature_type": "Line", "id": "CVE-2023-53049-6be6d668" }, { "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@1c5abcb13491da8c049f20462189c12c753ba978", "signature_version": "v1", "target": { "file": "drivers/usb/typec/ucsi/ucsi.c" }, "digest": { "threshold": 0.9, "line_hashes": [ "330928365076617311260279403645396387690", "76223488032310012753640323498685659888", "269198374588439509742128841383658771835", "186965688388007064833813627928572268514", "95675076906037230080488525519276793866", "230647491793076782476712048080801848779", "167144383919293734213458920962333800847", "14717754577675713847408230055397506823", "15071283480867908721838047856294040567", "119597310286332883142097986387258993246", "240769092807128942567766102392340337630", "321773227681050365251648450277259176773", "115746299488791921210610173371110039726", "276709844273750261497451324006045767653", "33499173698117371842020776576779510205", "154150406007904909407645455429149605082", "155760301558543609711323858055726394297" ] }, "deprecated": false, "signature_type": "Line", "id": "CVE-2023-53049-82148f82" }, { "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@7ef0423e43f877a328454059d46763043ce3da44", "signature_version": "v1", "target": { "file": "drivers/usb/typec/ucsi/ucsi.c" }, "digest": { "threshold": 0.9, "line_hashes": [ "330928365076617311260279403645396387690", "76223488032310012753640323498685659888", "269198374588439509742128841383658771835", "186965688388007064833813627928572268514", "95675076906037230080488525519276793866", "230647491793076782476712048080801848779", "167144383919293734213458920962333800847", "14717754577675713847408230055397506823", "15071283480867908721838047856294040567", "119597310286332883142097986387258993246", "240769092807128942567766102392340337630", "321773227681050365251648450277259176773", "115746299488791921210610173371110039726", "276709844273750261497451324006045767653", "33499173698117371842020776576779510205", "154150406007904909407645455429149605082", "155760301558543609711323858055726394297" ] }, "deprecated": false, "signature_type": "Line", "id": "CVE-2023-53049-8738d83f" }, { "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@a6adfe9bbd6ac11e398b54ccd99a0f8eea09f3c0", "signature_version": "v1", "target": { "file": "drivers/usb/typec/ucsi/ucsi.c" }, "digest": { "threshold": 0.9, "line_hashes": [ "330928365076617311260279403645396387690", "76223488032310012753640323498685659888", "269198374588439509742128841383658771835", "186965688388007064833813627928572268514", "95675076906037230080488525519276793866", "230647491793076782476712048080801848779", "167144383919293734213458920962333800847", "14717754577675713847408230055397506823", "15071283480867908721838047856294040567", "119597310286332883142097986387258993246", "240769092807128942567766102392340337630", "321773227681050365251648450277259176773", "115746299488791921210610173371110039726", "276709844273750261497451324006045767653", "33499173698117371842020776576779510205", "154150406007904909407645455429149605082", "155760301558543609711323858055726394297" ] }, "deprecated": false, "signature_type": "Line", "id": "CVE-2023-53049-8f859b37" }, { "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@7dd27aed9c456670b3882877ef17a48195f21693", "signature_version": "v1", "target": { "file": "drivers/usb/typec/ucsi/ucsi.c", "function": "ucsi_init" }, "digest": { "length": 1431.0, "function_hash": "65197223899748127750940249717885031371" }, "deprecated": false, "signature_type": "Function", "id": "CVE-2023-53049-c8cb2ea8" } ]