CVE-2026-53305

Source
https://cve.org/CVERecord?id=CVE-2026-53305
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-53305.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-53305
Downstream
Published
2026-06-26T19:41:00.712Z
Modified
2026-07-08T08:07:25.069843096Z
Summary
usb: typec: ps883x: Fix Oops at unbind
Details

In the Linux kernel, the following vulnerability has been resolved:

usb: typec: ps883x: Fix Oops at unbind

When trying to unbind a device in order to bind to it vfio-platform as:

echo bc0000.geniqup > /sys/bus/platform/devices/bc0000.geniqup/driver/unbind

I get the following Oops:

[ 436.478639] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000020 [ 436.487762] Mem abort info: [ 436.490716] ESR = 0x0000000096000004 [ 436.494595] EC = 0x25: DABT (current EL), IL = 32 bits [ 436.500071] SET = 0, FnV = 0 [ 436.503250] EA = 0, S1PTW = 0 [ 436.506505] FSC = 0x04: level 0 translation fault [ 436.511533] Data abort info: [ 436.514558] ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000 [ 436.520215] CM = 0, WnR = 0, TnD = 0, TagAccess = 0 [ 436.525436] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0 [ 436.530918] user pgtable: 4k pages, 48-bit VAs, pgdp=00000008861a9000 [ 436.537554] [0000000000000020] pgd=0000000000000000, p4d=0000000000000000 [ 436.544548] Internal error: Oops: 0000000096000004 [#1] SMP [ 436.550374] Modules linked in: [ 436.553542] CPU: 2 UID: 0 PID: 671 Comm: bash Tainted: G W 7.0.0-rc3-g56fcdd0911a5-dirty #2 PREEMPT [ 436.564440] Tainted: [W]=WARN [ 436.567515] Hardware name: LENOVO 91B6CTO1WW/3796, BIOS O6NKT3BA 05/02/2025 [ 436.574675] pstate: 21400005 (nzCv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--) [ 436.581841] pc : ps883xretimerremove+0x14/0x94 [ 436.586605] lr : i2cdeviceremove+0x28/0x84 [ 436.591017] sp : ffff8000847137c0

That's because the ps883xretimerremove() retrieves the driver data from i2cgetclientdata() which was never set at probe. So, add i2csetclientdata() at the end of the probe.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/53xxx/CVE-2026-53305.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
257a087c8b5206e046048de6053fc8b3fa1af814
Fixed
37a3d1b6827783f26d2f8e6c7683e253ba79ae93
Fixed
c404d0ac0cb085cb7077ba32c334cc4042feb81a
Fixed
381133848a033c2086cf9cafb226f425bd0414ff

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-53305.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.15.0
Fixed
6.18.33
Type
ECOSYSTEM
Events
Introduced
6.19.0
Fixed
7.0.10

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-53305.json"