Linux · Linux Kernel · CVE-2024-36893
**Name of the Vulnerable Software and Affected Versions**
Linux kernel (affected versions not specified)
**Description**
The issue arises from the `typec_register_partner()` function not guaranteeing partner registration to always succeed. In the event of failure, `port->partner` is set to the error value or NULL. Given that `port->partner` validity is not checked, this results in a crash due to a kernel NULL pointer dereference. The crash occurs at virtual address xx, with a call trace involving `run_state_machine()`, `tcpm_state_machine_work()`, `kthread_worker_fn()`, `kthread()`, and `ret_from_fork()`. To prevent the crash, it is necessary to check for `port->partner` validity before dereferencing it in all the call sites.
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.