Ubuntu: (CVE-2023-52901): linux vulnerability

Ubuntu: (CVE-2023-52901): linux vulnerability

Severity

5

CVSS

(AV:L/AC:L/Au:S/C:N/I:N/A:C)

Published

08/21/2024

Created

11/21/2024

Added

11/19/2024

Modified

02/11/2025

Description

In the Linux kernel, the following vulnerability has been resolved: usb: xhci: Check endpoint is valid before dereferencing it When the host controller is not responding, all URBs queued to all endpoints need to be killed. This can cause a kernel panic if we dereference an invalid endpoint. Fix this by using xhci_get_virt_ep() helper to find the endpoint and checking if the endpoint is valid before dereferencing it. [233311.853271] xhci-hcd xhci-hcd.1.auto: xHCI host controller not responding, assume dead [233311.853393] Unable to handle kernel NULL pointer dereference at virtual address 00000000000000e8 [233311.853964] pc : xhci_hc_died+0x10c/0x270 [233311.853971] lr : xhci_hc_died+0x1ac/0x270 [233311.854077] Call trace: [233311.854085]xhci_hc_died+0x10c/0x270 [233311.854093]xhci_stop_endpoint_command_watchdog+0x100/0x1a4 [233311.854105]call_timer_fn+0x50/0x2d4 [233311.854112]expire_timers+0xac/0x2e4 [233311.854118]run_timer_softirq+0x300/0xabc [233311.854127]__do_softirq+0x148/0x528 [233311.854135]irq_exit+0x194/0x1a8 [233311.854143]__handle_domain_irq+0x164/0x1d0 [233311.854149]gic_handle_irq.22273+0x10c/0x188 [233311.854156]el1_irq+0xfc/0x1a8 [233311.854175]lpm_cpuidle_enter+0x25c/0x418 [msm_pm] [233311.854185]cpuidle_enter_state+0x1f0/0x764 [233311.854194]do_idle+0x594/0x6ac [233311.854201]cpu_startup_entry+0x7c/0x80 [233311.854209]secondary_start_kernel+0x170/0x198

Solution(s)

• ubuntu-upgrade-linux
• ubuntu-upgrade-linux-aws
• ubuntu-upgrade-linux-aws-5-15
• ubuntu-upgrade-linux-aws-5-4
• ubuntu-upgrade-linux-aws-fips
• ubuntu-upgrade-linux-aws-hwe
• ubuntu-upgrade-linux-azure
• ubuntu-upgrade-linux-azure-4-15
• ubuntu-upgrade-linux-azure-5-15
• ubuntu-upgrade-linux-azure-5-4
• ubuntu-upgrade-linux-azure-fde
• ubuntu-upgrade-linux-azure-fde-5-15
• ubuntu-upgrade-linux-azure-fips
• ubuntu-upgrade-linux-bluefield
• ubuntu-upgrade-linux-fips
• ubuntu-upgrade-linux-gcp
• ubuntu-upgrade-linux-gcp-4-15
• ubuntu-upgrade-linux-gcp-5-15
• ubuntu-upgrade-linux-gcp-5-4
• ubuntu-upgrade-linux-gcp-fips
• ubuntu-upgrade-linux-gke
• ubuntu-upgrade-linux-gkeop
• ubuntu-upgrade-linux-gkeop-5-15
• ubuntu-upgrade-linux-hwe
• ubuntu-upgrade-linux-hwe-5-15
• ubuntu-upgrade-linux-hwe-5-4
• ubuntu-upgrade-linux-ibm
• ubuntu-upgrade-linux-ibm-5-4
• ubuntu-upgrade-linux-intel-iot-realtime
• ubuntu-upgrade-linux-intel-iotg
• ubuntu-upgrade-linux-intel-iotg-5-15
• ubuntu-upgrade-linux-iot
• ubuntu-upgrade-linux-kvm
• ubuntu-upgrade-linux-lowlatency
• ubuntu-upgrade-linux-lowlatency-hwe-5-15
• ubuntu-upgrade-linux-nvidia
• ubuntu-upgrade-linux-oracle
• ubuntu-upgrade-linux-oracle-5-15
• ubuntu-upgrade-linux-oracle-5-4
• ubuntu-upgrade-linux-raspi
• ubuntu-upgrade-linux-raspi-5-4
• ubuntu-upgrade-linux-realtime
• ubuntu-upgrade-linux-riscv-5-15
• ubuntu-upgrade-linux-xilinx-zynqmp

References

• https://attackerkb.com/topics/cve-2023-52901
• CVE - 2023-52901
• https://git.kernel.org/linus/e8fb5bc76eb86437ab87002d4a36d6da02165654
• https://git.kernel.org/stable/c/08864dc14a6803f0377ca77b9740b26db30c020f
• https://git.kernel.org/stable/c/2d2820d5f375563690c96e60676855205abfb7f5
• https://git.kernel.org/stable/c/375be2dd61a072f7b1cac9b17eea59e07b58db3a
• https://git.kernel.org/stable/c/66fc1600855c05c4ba4e997184c91cf298e0405c
• https://git.kernel.org/stable/c/9891e5c73cab3fd9ed532dc50e9799e55e974766
• https://git.kernel.org/stable/c/e8fb5bc76eb86437ab87002d4a36d6da02165654
• https://git.kernel.org/stable/c/f39c813af0b64f44af94e435c07bfa1ddc2575f5
• https://www.cve.org/CVERecord?id=CVE-2023-52901

View more