Description
In the Linux kernel, the following vulnerability has been resolved: usb: chipidea: ci_hdrc_imx: Also search for 'phys' phandle When passing 'phys' in the devicetree to describe the USB PHY phandle (which is the recommended way according to Documentation/devicetree/bindings/usb/ci-hdrc-usb2.txt) the following NULL pointer dereference is observed on i.MX7 and i.MX8MM: [ 1.489344] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000098 [ 1.498170] Mem abort info: [ 1.500966] ESR = 0x96000044 [ 1.504030] EC = 0x25: DABT (current EL), IL = 32 bits [ 1.509356] SET = 0, FnV = 0 [ 1.512416] EA = 0, S1PTW = 0 [ 1.515569] FSC = 0x04: level 0 translation fault [ 1.520458] Data abort info: [ 1.523349] ISV = 0, ISS = 0x00000044 [ 1.527196] CM = 0, WnR = 1 [ 1.530176] [0000000000000098] user address but active_mm is swapper [ 1.536544] Internal error: Oops: 96000044 [#1] PREEMPT SMP [ 1.542125] Modules linked in: [ 1.545190] CPU: 3 PID: 7 Comm: kworker/u8:0 Not tainted 5.14.0-dirty #3 [ 1.551901] Hardware name: Kontron i.MX8MM N801X S (DT) [ 1.557133] Workqueue: events_unbound deferred_probe_work_func [ 1.562984] pstate: 80000005 (Nzcv daif -PAN -UAO -TCO BTYPE=--) [ 1.568998] pc : imx7d_charger_detection+0x3f0/0x510 [ 1.573973] lr : imx7d_charger_detection+0x22c/0x510 This happens because the charger functions check for the phy presence inside the imx_usbmisc_data structure (data->usb_phy), but the chipidea core populates the usb_phy passed via 'phys' inside 'struct ci_hdrc' (ci->usb_phy) instead. This causes the NULL pointer dereference inside imx7d_charger_detection(). Fix it by also searching for 'phys' in case 'fsl,usbphy' is not found. Tested on a imx7s-warp board.
Details
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Affected Packages
| Software | From version | Fixed in |
|---|---|---|
| linux-allwinner-5.19 | — | — |
| linux-aws-5.0 | — | — |
| linux-aws-5.11 | — | — |
| linux-aws-5.13 | — | — |
| linux-aws-5.19 | — | — |
| linux-aws-5.3 | — | — |
| linux-aws-5.8 | — | — |
| linux-aws-6.2 | — | — |
| linux-azure | — | — |
| linux-azure-5.11 | — | — |
| linux-azure-5.13 | — | — |
| linux-azure-5.19 | — | — |
| linux-azure-5.3 | — | — |
| linux-azure-5.8 | — | — |
| linux-azure-6.2 | — | — |
| linux-azure-edge | — | — |
| linux-azure-fde | — | — |
| linux-azure-fde-5.19 | — | — |
| linux-azure-fde-6.2 | — | — |
| linux-gcp | — | — |
| linux-gcp-5.11 | — | — |
| linux-gcp-5.13 | — | — |
| linux-gcp-5.19 | — | — |
| linux-gcp-5.3 | — | — |
| linux-gcp-5.8 | — | — |
| linux-gcp-6.2 | — | — |
| linux-gke | — | — |
| linux-gke-4.15 | — | — |
| linux-gke-5.15 | — | — |
| linux-gke-5.4 | — | — |
| linux-gkeop-5.4 | — | — |
| linux-hwe | — | — |
| linux-hwe-5.11 | — | — |
| linux-hwe-5.13 | — | — |
| linux-hwe-5.19 | — | — |
| linux-hwe-5.8 | — | — |
| linux-hwe-6.2 | — | — |
| linux-hwe-edge | — | — |
| linux-intel-5.13 | — | — |
| linux-lowlatency-hwe-5.19 | — | — |
| linux-lowlatency-hwe-6.2 | — | — |
| linux-nvidia-6.2 | — | — |
| linux-oem | — | — |
| linux-oem-5.10 | — | — |
| linux-oem-5.13 | — | — |
| linux-oem-5.14 | — | — |
| linux-oem-5.17 | — | — |
| linux-oem-5.6 | — | — |
| linux-oem-6.0 | — | — |
| linux-oem-6.1 | — | — |
| linux-oracle-5.0 | — | — |
| linux-oracle-5.11 | — | — |
| linux-oracle-5.13 | — | — |
| linux-oracle-5.3 | — | — |
| linux-oracle-5.8 | — | — |
| linux-raspi2 | — | — |
| linux-riscv | — | — |
| linux-riscv-5.11 | — | — |
| linux-riscv-5.19 | — | — |
| linux-riscv-5.8 | — | — |
| linux-starfive-5.19 | — | — |
| linux-starfive-6.2 | — | — |
References
Similar Threats
- Unknown UBUNTU-CVE-2016-20022
- Unknown UBUNTU-CVE-2020-36778
- Unknown UBUNTU-CVE-2020-36779
- Unknown UBUNTU-CVE-2020-36780
- Unknown UBUNTU-CVE-2020-36781
Free Vulnerability Check
Is your WordPress site affected?
BotEraser helps you identify potentially vulnerable plugins and themes by checking your installation against known CVE records.
Scan My Site Free →No credit card required · Results in minutes
ⓘ Data Notice: The information presented above has been compiled from publicly available internet sources. Boteraser aggregates this data solely for informational purposes and does not independently classify, evaluate, or endorse any findings about the vulnerabilities listed. The accuracy and completeness of this information is the sole responsibility of the original publishers. Boteraser and its operators accept no liability for any decisions made based on this data.