{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2023-52901","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2024-08-21T06:07:11.014Z","datePublished":"2024-08-21T06:10:41.640Z","dateUpdated":"2025-05-04T07:45:40.190Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2025-05-04T07:45:40.190Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nusb: xhci: Check endpoint is valid before dereferencing it\n\nWhen the host controller is not responding, all URBs queued to all\nendpoints need to be killed. This can cause a kernel panic if we\ndereference an invalid endpoint.\n\nFix this by using xhci_get_virt_ep() helper to find the endpoint and\nchecking if the endpoint is valid before dereferencing it.\n\n[233311.853271] xhci-hcd xhci-hcd.1.auto: xHCI host controller not responding, assume dead\n[233311.853393] Unable to handle kernel NULL pointer dereference at virtual address 00000000000000e8\n\n[233311.853964] pc : xhci_hc_died+0x10c/0x270\n[233311.853971] lr : xhci_hc_died+0x1ac/0x270\n\n[233311.854077] Call trace:\n[233311.854085]  xhci_hc_died+0x10c/0x270\n[233311.854093]  xhci_stop_endpoint_command_watchdog+0x100/0x1a4\n[233311.854105]  call_timer_fn+0x50/0x2d4\n[233311.854112]  expire_timers+0xac/0x2e4\n[233311.854118]  run_timer_softirq+0x300/0xabc\n[233311.854127]  __do_softirq+0x148/0x528\n[233311.854135]  irq_exit+0x194/0x1a8\n[233311.854143]  __handle_domain_irq+0x164/0x1d0\n[233311.854149]  gic_handle_irq.22273+0x10c/0x188\n[233311.854156]  el1_irq+0xfc/0x1a8\n[233311.854175]  lpm_cpuidle_enter+0x25c/0x418 [msm_pm]\n[233311.854185]  cpuidle_enter_state+0x1f0/0x764\n[233311.854194]  do_idle+0x594/0x6ac\n[233311.854201]  cpu_startup_entry+0x7c/0x80\n[233311.854209]  secondary_start_kernel+0x170/0x198"}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/usb/host/xhci-ring.c"],"versions":[{"version":"50e8725e7c429701e530439013f9681e1fa36b5d","lessThan":"375be2dd61a072f7b1cac9b17eea59e07b58db3a","status":"affected","versionType":"git"},{"version":"50e8725e7c429701e530439013f9681e1fa36b5d","lessThan":"2d2820d5f375563690c96e60676855205abfb7f5","status":"affected","versionType":"git"},{"version":"50e8725e7c429701e530439013f9681e1fa36b5d","lessThan":"9891e5c73cab3fd9ed532dc50e9799e55e974766","status":"affected","versionType":"git"},{"version":"50e8725e7c429701e530439013f9681e1fa36b5d","lessThan":"66fc1600855c05c4ba4e997184c91cf298e0405c","status":"affected","versionType":"git"},{"version":"50e8725e7c429701e530439013f9681e1fa36b5d","lessThan":"f39c813af0b64f44af94e435c07bfa1ddc2575f5","status":"affected","versionType":"git"},{"version":"50e8725e7c429701e530439013f9681e1fa36b5d","lessThan":"08864dc14a6803f0377ca77b9740b26db30c020f","status":"affected","versionType":"git"},{"version":"50e8725e7c429701e530439013f9681e1fa36b5d","lessThan":"e8fb5bc76eb86437ab87002d4a36d6da02165654","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/usb/host/xhci-ring.c"],"versions":[{"version":"3.15","status":"affected"},{"version":"0","lessThan":"3.15","status":"unaffected","versionType":"semver"},{"version":"4.14.304","lessThanOrEqual":"4.14.*","status":"unaffected","versionType":"semver"},{"version":"4.19.271","lessThanOrEqual":"4.19.*","status":"unaffected","versionType":"semver"},{"version":"5.4.230","lessThanOrEqual":"5.4.*","status":"unaffected","versionType":"semver"},{"version":"5.10.165","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.15.90","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"6.1.8","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.2","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.15","versionEndExcluding":"4.14.304"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.15","versionEndExcluding":"4.19.271"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.15","versionEndExcluding":"5.4.230"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.15","versionEndExcluding":"5.10.165"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.15","versionEndExcluding":"5.15.90"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.15","versionEndExcluding":"6.1.8"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.15","versionEndExcluding":"6.2"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/375be2dd61a072f7b1cac9b17eea59e07b58db3a"},{"url":"https://git.kernel.org/stable/c/2d2820d5f375563690c96e60676855205abfb7f5"},{"url":"https://git.kernel.org/stable/c/9891e5c73cab3fd9ed532dc50e9799e55e974766"},{"url":"https://git.kernel.org/stable/c/66fc1600855c05c4ba4e997184c91cf298e0405c"},{"url":"https://git.kernel.org/stable/c/f39c813af0b64f44af94e435c07bfa1ddc2575f5"},{"url":"https://git.kernel.org/stable/c/08864dc14a6803f0377ca77b9740b26db30c020f"},{"url":"https://git.kernel.org/stable/c/e8fb5bc76eb86437ab87002d4a36d6da02165654"}],"title":"usb: xhci: Check endpoint is valid before dereferencing it","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"id":"CVE-2023-52901","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"version":"2.0.3","timestamp":"2024-09-10T16:03:27.437210Z"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-09-12T17:33:14.673Z"}}]}}