CVE-2023-54299

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A flaw exists in the Linux kernel’s USB Type-C functionality. Specifically, the type altmode attention function does not verify the existence of a device’s Alt Mode partner before sending an Attention message to the Alt Mode driver. This can lead to a NULL pointer dereference when accessing the typec altmode and typec altmode ops associated with the Alt Mode partner, potentially causing system instability or a crash. This issue occurs because some USB hubs negotiate DisplayPort Alt mode with a device and then attempt a data role swap after entering Alt mode. The data role swap causes the device to unregister all Alt modes, but the USB hub continues to send Attention messages even after failing to re-register the Alt Mode. The vulnerable function is type altmode attention.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.