Bug 2492367 (CVE-2026-53028) - CVE-2026-53028 kernel: usb: typec: Fix error pointer dereference
Summary: CVE-2026-53028 kernel: usb: typec: Fix error pointer dereference
Keywords:
Status: NEW
Alias: CVE-2026-53028
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: low
Severity: low
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2026-06-24 18:08 UTC by OSIDB Bzimport
Modified: 2026-06-26 16:32 UTC

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:



Description OSIDB Bzimport 2026-06-24 18:08:12 UTC
In the Linux kernel, the following vulnerability has been resolved:

usb: typec: Fix error pointer dereference

The variable tps->partner is checked for an error pointer and then if it
is, it sends an error message but does not return and is then immediately
dereferenced a few lines below:

tps->partner = typec_register_partner(tps->port, &desc);
if (IS_ERR(tps->partner))
	dev_warn(tps->dev, "%s: failed to register partnet\n", __func__);

if (desc.identity) {
	typec_partner_set_identity(tps->partner);
	cd321x->cur_partner_identity = st.partner_identity;
}

Add early return and fix spelling mistake in error message.

Detected by Smatch:
drivers/usb/typec/tipd/core.c:827 cd321x_update_work() error:
'tps->partner' dereferencing possible ERR_PTR()
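
A user-space model of the pattern described above, added here as an example; it is not code from the kernel tree or from this report. `struct partner`, `register_partner()`, `update_buggy()` and `update_fixed()` are hypothetical stand-ins, and the ERR_PTR helpers are simplified re-implementations of the kernel macros.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* User-space model of the kernel's ERR_PTR encoding (top MAX_ERRNO addresses). */
#define MAX_ERRNO 4095
static inline void *ERR_PTR(long err) { return (void *)err; }
static inline long PTR_ERR(const void *p) { return (long)p; }
static inline int IS_ERR(const void *p)
{
	return (uintptr_t)p >= (uintptr_t)-MAX_ERRNO;
}

struct partner { int identity_set; };	/* hypothetical stand-in */
/* Hypothetical stand-in for typec_register_partner(): fails on request. */
static struct partner *register_partner(struct partner *slot, int fail)
{
	return fail ? ERR_PTR(-ENOMEM) : slot;
}

/* Shape from the report: warn, then fall through. Returns 1 when an
 * ERR_PTR reaches the dereference site (reported here, not dereferenced). */
static int update_buggy(struct partner *slot, int fail, int have_identity)
{
	struct partner *p = register_partner(slot, fail);

	if (IS_ERR(p))
		fprintf(stderr, "failed to register partner: %ld\n", PTR_ERR(p));
	if (have_identity) {
		if (IS_ERR(p))
			return 1;	/* the driver would use p here */
		p->identity_set = 1;
	}
	return 0;
}

/* Shape after the fix: the early return keeps the ERR_PTR from any use. */
static int update_fixed(struct partner *slot, int fail, int have_identity)
{
	struct partner *p = register_partner(slot, fail);

	if (IS_ERR(p)) {
		fprintf(stderr, "failed to register partner: %ld\n", PTR_ERR(p));
		return 0;
	}
	if (have_identity)
		p->identity_set = 1;
	return 0;
}
```

An ERR_PTR is not NULL, so a later NULL check would not catch it; only `IS_ERR()` followed by a return keeps it away from the use site.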

Comment 1 Mauro Matteo Cascella 2026-06-26 16:28:16 UTC
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2026062453-CVE-2026-53028-84c9@gregkh/T

