CVE-2024-36893

typecregisterpartner() does not guarantee partner registration to always succeed. In the event of failure, port->partner is set to the error value or NULL. Given that port->partner validity is not checked, this results in the following crash:

Unable to handle kernel NULL pointer dereference at virtual address xx pc : runstatemachine+0x1bc8/0x1c08 lr : runstatemachine+0x1b90/0x1c08 .. Call trace: runstatemachine+0x1bc8/0x1c08 tcpmstatemachinework+0x94/0xe4 kthreadworkerfn+0x118/0x328 kthread+0x1d0/0x23c retfrom_fork+0x10/0x20

To prevent the crash, check for port->partner validity before derefencing it in all the call sites.

References

Affected packages

Debian:12 / linux

Package

Name: linux
Purl: pkg:deb/debian/linux?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.1.94-1

Affected versions

6.*

6.1.27-1

6.1.37-1

6.1.38-1

6.1.38-2~bpo11+1

6.1.38-2

6.1.38-3

6.1.38-4~bpo11+1

6.1.38-4

6.1.52-1

6.1.55-1~bpo11+1

6.1.55-1

6.1.64-1

6.1.66-1

6.1.67-1

6.1.69-1~bpo11+1

6.1.69-1

6.1.76-1~bpo11+1

6.1.76-1

6.1.82-1

6.1.85-1

6.1.90-1~bpo11+1

6.1.90-1

6.1.94-1~bpo11+1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / linux

Package

Name: linux
Purl: pkg:deb/debian/linux?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.8.11-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}