CVE-2023-53049

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A NULL pointer dereference issue has been identified in the Linux kernel, specifically in the ucsi connector change() function. This issue occurs when ucsi init() fails, resulting in a NULL ucsi->connector pointer. However, in the case of ucsi acpi, events may still be triggered, causing the ucsi acpi code to call ucsi connector change(), which then dereferences the NULL ucsi->connector pointer. The estimated number of potentially affected devices worldwide is not available. There is no information about real-world incidents where this issue was exploited.

Recommendations To resolve this issue, ensure that ucsi init() has succeeded before setting ucsi->ntfy, so that ucsi connector change() ignores events because UCSI ENABLE NTFY CONNECTOR CHANGE is not set in the ntfy mask. As a temporary workaround, consider disabling the ucsi connector change() function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.