THREATINT
PUBLISHED

CVE-2024-53203

usb: typec: fix potential array underflow in ucsi_ccg_sync_control()



Description

In the Linux kernel, the following vulnerability has been resolved:

usb: typec: fix potential array underflow in ucsi_ccg_sync_control()

The "command" variable can be controlled by the user via debugfs. The worry is that if con_index is zero then "&uc->ucsi->connector[con_index - 1]" would be an array underflow.
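The indexing pattern described above, as an added user-space model that is not the kernel's code or the upstream patch: it shows which slot the unvalidated expression selects when the connector field is zero, next to a lookup that validates first. The struct layout, `NUM_CONNECTORS`, the shift and mask used to extract the connector number, and the function names are assumptions made for this example; the upper-bound check goes beyond the zero case the description mentions.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

#define NUM_CONNECTORS  2     /* constructed size for this model */
#define CON_INDEX_SHIFT 16    /* assumed field position, not from the advisory */
#define CON_INDEX_MASK  0x7f  /* assumed field width, not from the advisory */

struct connector { int id; };
struct port_ctrl { struct connector connector[NUM_CONNECTORS]; };

/* Connector numbers are 1-based; 0 is a value the caller can still supply. */
static unsigned int con_index_of(uint64_t command)
{
    return (unsigned int)((command >> CON_INDEX_SHIFT) & CON_INDEX_MASK);
}

/* Array slot that "connector[con_index - 1]" selects with no validation.
 * Returned as a number so the model never performs the bad access. */
long unchecked_slot(uint64_t command)
{
    return (long)con_index_of(command) - 1;
}

/* Hardened lookup: reject 0 (underflow) and values past the array end. */
int connector_lookup(struct port_ctrl *pc, uint64_t command,
                     struct connector **out)
{
    unsigned int con_index = con_index_of(command);

    if (con_index == 0 || con_index > NUM_CONNECTORS)
        return -EINVAL;
    *out = &pc->connector[con_index - 1];
    return 0;
}

int main(void)
{
    struct port_ctrl pc = { { { 1 }, { 2 } } };
    struct connector *con = NULL;
    uint64_t command = 0;   /* constructed input: connector field is zero */

    printf("unchecked slot: %ld\n", unchecked_slot(command));
    printf("checked lookup: %d\n", connector_lookup(&pc, command, &con));
    return 0;
}
```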

Reserved 2024-11-19 | Published 2024-12-27 | Updated 2025-01-20 | Assigner Linux

Product status

Default status: unaffected

170a6726d0e266f2c8f306e3d61715c32f4ee41e before ef92cd55289a282910575c5b9d87f646f2d39b38: affected
170a6726d0e266f2c8f306e3d61715c32f4ee41e before 56971710cd541f2f05160a84b3183477d34a1be9: affected
170a6726d0e266f2c8f306e3d61715c32f4ee41e before e56aac6e5a25630645607b6856d4b2a17b2311a5: affected

Default status: affected

5.6: affected
Any version before 5.6: unaffected
6.11.11: unaffected
6.12.2: unaffected
6.13: unaffected

References

git.kernel.org/...c/ef92cd55289a282910575c5b9d87f646f2d39b38

git.kernel.org/...c/56971710cd541f2f05160a84b3183477d34a1be9

git.kernel.org/...c/e56aac6e5a25630645607b6856d4b2a17b2311a5

cve.org (CVE-2024-53203)

nvd.nist.gov (CVE-2024-53203)
