CVE-2026-53305
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
26/06/2026
Last modified:
30/06/2026
Description
In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
usb: typec: ps883x: Fix Oops at unbind<br />
<br />
When trying to unbind a device in order to bind to it vfio-platform as:<br />
<br />
echo bc0000.geniqup > /sys/bus/platform/devices/bc0000.geniqup/driver/unbind<br />
<br />
I get the following Oops:<br />
<br />
[ 436.478639] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000020<br />
[ 436.487762] Mem abort info:<br />
[ 436.490716] ESR = 0x0000000096000004<br />
[ 436.494595] EC = 0x25: DABT (current EL), IL = 32 bits<br />
[ 436.500071] SET = 0, FnV = 0<br />
[ 436.503250] EA = 0, S1PTW = 0<br />
[ 436.506505] FSC = 0x04: level 0 translation fault<br />
[ 436.511533] Data abort info:<br />
[ 436.514558] ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000<br />
[ 436.520215] CM = 0, WnR = 0, TnD = 0, TagAccess = 0<br />
[ 436.525436] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0<br />
[ 436.530918] user pgtable: 4k pages, 48-bit VAs, pgdp=00000008861a9000<br />
[ 436.537554] [0000000000000020] pgd=0000000000000000, p4d=0000000000000000<br />
[ 436.544548] Internal error: Oops: 0000000096000004 [#1] SMP<br />
[ 436.550374] Modules linked in:<br />
[ 436.553542] CPU: 2 UID: 0 PID: 671 Comm: bash Tainted: G W 7.0.0-rc3-g56fcdd0911a5-dirty #2 PREEMPT<br />
[ 436.564440] Tainted: [W]=WARN<br />
[ 436.567515] Hardware name: LENOVO 91B6CTO1WW/3796, BIOS O6NKT3BA 05/02/2025<br />
[ 436.574675] pstate: 21400005 (nzCv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--)<br />
[ 436.581841] pc : ps883x_retimer_remove+0x14/0x94<br />
[ 436.586605] lr : i2c_device_remove+0x28/0x84<br />
[ 436.591017] sp : ffff8000847137c0<br />
<br />
That&#39;s because the ps883x_retimer_remove() retrieves the driver data<br />
from i2c_get_clientdata() which was never set at probe. So, add<br />
i2c_set_clientdata() at the end of the probe.



