{"id":"AZL-42465","summary":"CVE-2024-36893 affecting package kernel for versions less than 6.6.35.1-4","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nusb: typec: tcpm: Check for port partner validity before consuming it\n\ntypec_register_partner() does not guarantee partner registration\nto always succeed. In the event of failure, port-\u003epartner is set\nto the error value or NULL. Given that port-\u003epartner validity is\nnot checked, this results in the following crash:\n\nUnable to handle kernel NULL pointer dereference at virtual address xx\n pc : run_state_machine+0x1bc8/0x1c08\n lr : run_state_machine+0x1b90/0x1c08\n..\n Call trace:\n   run_state_machine+0x1bc8/0x1c08\n   tcpm_state_machine_work+0x94/0xe4\n   kthread_worker_fn+0x118/0x328\n   kthread+0x1d0/0x23c\n   ret_from_fork+0x10/0x20\n\nTo prevent the crash, check for port-\u003epartner validity before\nderefencing it in all the call sites.","modified":"2026-04-01T05:14:35.554407Z","published":"2024-05-30T16:15:12Z","upstream":["CVE-2024-36893"],"references":[{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-36893"}],"affected":[{"package":{"name":"kernel","ecosystem":"Azure Linux:3","purl":"pkg:rpm/azure-linux/kernel"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"6.6.35.1-4"}]}],"database_specific":{"source":"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-42465.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}]}