NULL pointer dereference in Linux kernel typec ucsi driver
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2023-53049 |
| CWE-ID | CWE-476 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software |
Linux kernel Operating systems & Components / Operating system |
| Vendor | Linux Foundation |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) NULL pointer dereference
EUVDB-ID: #VU108464
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-53049
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ucsi_init() function in drivers/usb/typec/ucsi/ucsi.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsLinux kernel: 5.10 - 6.3 rc6
CPE2.3- cpe:2.3:o:linux_foundation:linux_kernel:5.10:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:5.10:rc1:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:5.10:rc2:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:5.10:rc3:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:5.10:rc4:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:5.10:rc5:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:5.10:rc7:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:5.10.1:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:5.10.2:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:5.10.3:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/1c5abcb13491da8c049f20462189c12c753ba978
https://git.kernel.org/stable/c/7dd27aed9c456670b3882877ef17a48195f21693
https://git.kernel.org/stable/c/7ef0423e43f877a328454059d46763043ce3da44
https://git.kernel.org/stable/c/a6adfe9bbd6ac11e398b54ccd99a0f8eea09f3c0
https://git.kernel.org/stable/c/f87fb985452ab2083967103ac00bfd68fb182764
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.177
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.105
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.22
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.2.9
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
