CVE-2024-36893 in Linuxinfo

Summary

by MITRE • 05/30/2024

In the Linux kernel, the following vulnerability has been resolved:

usb: typec: tcpm: Check for port partner validity before consuming it

typec_register_partner() does not guarantee partner registration to always succeed. In the event of failure, port->partner is set to the error value or NULL. Given that port->partner validity is not checked, this results in the following crash:

Unable to handle kernel NULL pointer dereference at virtual address xx pc : run_state_machine+0x1bc8/0x1c08 lr : run_state_machine+0x1b90/0x1c08 .. Call trace: run_state_machine+0x1bc8/0x1c08 tcpm_state_machine_work+0x94/0xe4 kthread_worker_fn+0x118/0x328 kthread+0x1d0/0x23c ret_from_fork+0x10/0x20

To prevent the crash, check for port->partner validity before derefencing it in all the call sites.

Once again VulDB remains the best source for vulnerability data.

Analysis

by VulDB Data Team • 08/28/2025

The vulnerability identified as CVE-2024-36893 represents a critical null pointer dereference issue within the Linux kernel's USB Type-C subsystem, specifically affecting the Thunderbolt Controller Protocol Manager tcpm module. This flaw exists in the typec_register_partner() function which does not guarantee successful partner registration and may set port->partner to either an error value or NULL upon registration failure. The vulnerability stems from inadequate validation of port partner validity before dereferencing the port->partner pointer, creating a potential crash condition that can compromise system stability and availability. The issue manifests when the kernel attempts to process USB Type-C port partner operations without first verifying that the partner registration was successful, leading to a kernel NULL pointer dereference at virtual address xx.

The technical implementation of this vulnerability occurs within the run_state_machine function where the tcpm_state_machine_work thread processes Type-C state transitions. When typec_register_partner() fails to register a partner, it sets port->partner to NULL or an error value, but subsequent code paths do not validate this condition before attempting to dereference the pointer. This pattern violates fundamental defensive programming practices and creates a direct path for kernel oops conditions that can result in system crashes and potential denial of service scenarios. The call trace demonstrates the execution path leading to the crash, showing how the error propagates through the kthread_worker_fn and kthread execution contexts, ultimately causing an unhandled kernel NULL pointer dereference that terminates the system's stability.

The operational impact of this vulnerability extends beyond simple system crashes to potentially enable privilege escalation and persistent denial of service conditions within embedded systems and devices that rely heavily on USB Type-C connectivity. Attackers could exploit this weakness to cause system instability or force system reboots through malicious USB Type-C partner devices or faulty hardware configurations. The vulnerability affects Linux kernel implementations that utilize the USB Type-C subsystem for device management and power delivery operations, particularly impacting systems where Type-C ports are actively managed and where partner registration failures could occur due to hardware malfunctions or timing issues. This flaw aligns with CWE-476 which identifies NULL pointer dereference as a critical weakness in software systems, and could potentially map to ATT&CK technique T1059.001 for privilege escalation through kernel exploitation.

Mitigation strategies for CVE-2024-36893 require immediate implementation of proper validation checks before dereferencing the port->partner pointer in all affected call sites. The fix involves adding explicit validation logic to verify that port->partner is not NULL or an error value before proceeding with operations that depend on the partner structure. System administrators should prioritize updating to kernel versions that include the patched tcpm implementation, while developers implementing USB Type-C subsystem interfaces should adopt defensive programming practices that validate all pointer dereferences. Organizations should also consider implementing monitoring solutions to detect potential exploitation attempts through abnormal USB Type-C port behavior or repeated registration failures. The patch addresses the root cause by ensuring proper error handling and validation throughout the Type-C partner registration and management workflow, preventing the kernel from attempting to access invalid memory locations and maintaining system stability during partner registration failures.

Reservation

05/30/2024

Disclosure

05/30/2024

Moderation

accepted

CPE

ready

EPSS

0.00227

KEV

no

Activities

very low

Sources

Do you want to use VulDB in your project?

Use the official API to access entries easily!