CVE-2024-36893

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> usb: typec: tcpm: Check for port partner validity before consuming it<br /> <br /> typec_register_partner() does not guarantee partner registration<br /> to always succeed. In the event of failure, port-&gt;partner is set<br /> to the error value or NULL. Given that port-&gt;partner validity is<br /> not checked, this results in the following crash:<br /> <br /> Unable to handle kernel NULL pointer dereference at virtual address xx<br /> pc : run_state_machine+0x1bc8/0x1c08<br /> lr : run_state_machine+0x1b90/0x1c08<br /> ..<br /> Call trace:<br /> run_state_machine+0x1bc8/0x1c08<br /> tcpm_state_machine_work+0x94/0xe4<br /> kthread_worker_fn+0x118/0x328<br /> kthread+0x1d0/0x23c<br /> ret_from_fork+0x10/0x20<br /> <br /> To prevent the crash, check for port-&gt;partner validity before<br /> derefencing it in all the call sites.