vulnerability
Ubuntu: (CVE-2023-54299): linux vulnerability
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:L/AC:L/Au:S/C:N/I:N/A:C) | Jan 2, 2026 | Jan 6, 2026 | Jan 7, 2026 |
Description
In the Linux kernel, the following vulnerability has been resolved: usb: typec: bus: verify partner exists in typec_altmode_attention Some usb hubs will negotiate DisplayPort Alt mode with the device but will then negotiate a data role swap after entering the alt mode. The data role swap causes the device to unregister all alt modes, however the usb hub will still send Attention messages even after failing to reregister the Alt Mode. type_altmode_attention currently does not verify whether or not a device's altmode partner exists, which results in a NULL pointer error when dereferencing the typec_altmode and typec_altmode_ops belonging to the altmode partner. Verify the presence of a device's altmode partner before sending the Attention message to the Alt Mode driver.
Solutions
References
- CVE-2023-54299
- https://attackerkb.com/topics/CVE-2023-54299
- URL-https://git.kernel.org/linus/f23643306430f86e2f413ee2b986e0773e79da31
- URL-https://git.kernel.org/stable/c/0ad6bad31da692f8d7acacab07eabe7586239ae0
- URL-https://git.kernel.org/stable/c/0d3b5fe47938e9c451466845304a2bd74e967a80
- URL-https://git.kernel.org/stable/c/1101867a1711c27d8bbe0e83136bec47f8c1ca2a
- URL-https://git.kernel.org/stable/c/38e1f2ee82bacbbfded8f1c06794a443d038d054
- URL-https://git.kernel.org/stable/c/5f71716772b88cbe0e1788f6a38d7871aff2120b
- URL-https://git.kernel.org/stable/c/d49547950bf7f3480d6ca05fe055978e5f0d9e5b
- URL-https://git.kernel.org/stable/c/f23643306430f86e2f413ee2b986e0773e79da31
- URL-https://www.cve.org/CVERecord?id=CVE-2023-54299
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.