PT-2025-18812 · Linux+3 · Linux Kernel+3

Published 2023-02-16 · Updated 2026-01-28 · CVE-2023-53048

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to the fixed version

Description

A kernel warning in the Linux kernel's USB Type-C tcpm module, raised while handling a discover identity message, has been resolved. The warning can be triggered by specific sequences of events, including the reception of a discover identity message from a partner device. If the current message is skipped, the state machine could still send out a discover identity message later, resulting in a warning. The fix handles the received message first and overrides the pending discover identity message without warning.

Recommendations

For Linux kernel versions prior to the fixed version, consider applying the fix that handles the received discover identity message first and overrides the pending discover identity message without warning. As a temporary workaround, consider disabling the tcpm queue vdm function until a patch is available. Restrict access to the vulnerable tcpm module to minimize the risk of exploitation. Avoid using the vdm state variable in the affected API endpoint until the issue is resolved.

Related Identifiers

BDU:2025-06836
CVE-2023-53048
SUSE-SU-2025:02264-1
SUSE-SU-2025:02321-1
SUSE-SU-2025:02322-1
SUSE-SU-2025:02537-1
SUSE-SU-2025:2264-1
SUSE-SU-2025_02264-1
SUSE-SU-2025_02537-1

Affected Products

Astra Linux
Linux Kernel
RED OS
SUSE