CVE-2023-52901

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> usb: xhci: Check endpoint is valid before dereferencing it<br /> <br /> When the host controller is not responding, all URBs queued to all<br /> endpoints need to be killed. This can cause a kernel panic if we<br /> dereference an invalid endpoint.<br /> <br /> Fix this by using xhci_get_virt_ep() helper to find the endpoint and<br /> checking if the endpoint is valid before dereferencing it.<br /> <br /> [233311.853271] xhci-hcd xhci-hcd.1.auto: xHCI host controller not responding, assume dead<br /> [233311.853393] Unable to handle kernel NULL pointer dereference at virtual address 00000000000000e8<br /> <br /> [233311.853964] pc : xhci_hc_died+0x10c/0x270<br /> [233311.853971] lr : xhci_hc_died+0x1ac/0x270<br /> <br /> [233311.854077] Call trace:<br /> [233311.854085] xhci_hc_died+0x10c/0x270<br /> [233311.854093] xhci_stop_endpoint_command_watchdog+0x100/0x1a4<br /> [233311.854105] call_timer_fn+0x50/0x2d4<br /> [233311.854112] expire_timers+0xac/0x2e4<br /> [233311.854118] run_timer_softirq+0x300/0xabc<br /> [233311.854127] __do_softirq+0x148/0x528<br /> [233311.854135] irq_exit+0x194/0x1a8<br /> [233311.854143] __handle_domain_irq+0x164/0x1d0<br /> [233311.854149] gic_handle_irq.22273+0x10c/0x188<br /> [233311.854156] el1_irq+0xfc/0x1a8<br /> [233311.854175] lpm_cpuidle_enter+0x25c/0x418 [msm_pm]<br /> [233311.854185] cpuidle_enter_state+0x1f0/0x764<br /> [233311.854194] do_idle+0x594/0x6ac<br /> [233311.854201] cpu_startup_entry+0x7c/0x80<br /> [233311.854209] secondary_start_kernel+0x170/0x198