CVE-2023-54299
usb: typec: bus: verify partner exists in typec_altmode_attention
Description

In the Linux kernel, the following vulnerability has been resolved:

usb: typec: bus: verify partner exists in typec_altmode_attention

Some USB hubs will negotiate DisplayPort Alt mode with the device but will then negotiate a data role swap after entering the alt mode. The data role swap causes the device to unregister all alt modes; however, the USB hub will still send Attention messages even after failing to reregister the Alt Mode. typec_altmode_attention currently does not verify whether or not a device's altmode partner exists, which results in a NULL pointer error when dereferencing the typec_altmode and typec_altmode_ops belonging to the altmode partner.

Verify the presence of a device's altmode partner before sending the Attention message to the Alt Mode driver.

INFO

Published Date : Dec. 30, 2025, 1:16 p.m.

Last Modified : Dec. 30, 2025, 1:16 p.m.

Remotely Exploit : No

Source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Affected Products

The following products are affected by CVE-2023-54299 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

No affected product recorded yet

Solution
Fix a NULL pointer error by verifying altmode partner before sending Attention messages.
  • Verify altmode partner presence before sending Attention.
  • Apply the Linux kernel patch for usb: typec: bus.
  • Update the Linux kernel to a fixed version.
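
The partner check described above, as an added user-space example (not the kernel patch and not code from this page). The struct layout, the dp_attention handler, the replay_role_swap helper and the -ENODEV return value are assumptions made for illustration; only the names typec_altmode_attention, typec_altmode and typec_altmode_ops come from the description.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>

/* Simplified user-space model: field layout is an assumption, not the kernel's. */
struct typec_altmode;
struct typec_altmode_ops {
    void (*attention)(struct typec_altmode *alt, uint32_t vdo);
};
struct typec_altmode {
    const struct typec_altmode_ops *ops;
    struct typec_altmode *partner; /* NULL once alt modes are unregistered */
    uint32_t last_vdo;             /* records what the driver callback saw */
};

/* Hypothetical stand-in for an Alt Mode driver's Attention handler. */
static void dp_attention(struct typec_altmode *alt, uint32_t vdo)
{
    alt->last_vdo = vdo;
}
static const struct typec_altmode_ops dp_ops = { .attention = dp_attention };

/* Hardened form: refuse to deliver Attention when no partner is registered. */
int typec_altmode_attention(struct typec_altmode *port_alt, uint32_t vdo)
{
    struct typec_altmode *pdev = port_alt->partner;
    if (!pdev)
        return -ENODEV; /* without this check, pdev->ops is a NULL dereference */
    if (pdev->ops && pdev->ops->attention)
        pdev->ops->attention(pdev, vdo);
    return 0;
}

/* Replays the described sequence: alt mode entered, role swap, late Attention. */
int replay_role_swap(uint32_t vdo, uint32_t *seen_before_swap)
{
    struct typec_altmode partner = { .ops = &dp_ops };
    struct typec_altmode port = { .partner = &partner };
    if (typec_altmode_attention(&port, vdo) != 0)
        return 1;
    *seen_before_swap = partner.last_vdo;
    port.partner = NULL; /* data role swap unregisters the alt mode */
    return typec_altmode_attention(&port, vdo); /* hub still sends Attention */
}
int main(void)
{
    uint32_t seen = 0;
    return replay_role_swap(0x1234, &seen) == -ENODEV ? 0 : 1;
}
```
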

The following table lists the changes that have been made to the CVE-2023-54299 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • New CVE Received by 416baaa9-dc9f-4396-8d5f-8c081fb06d67

    Dec. 30, 2025

    Action Type Old Value New Value
    Added Description (same text as the Description section above)
    Added Reference https://git.kernel.org/stable/c/0ad6bad31da692f8d7acacab07eabe7586239ae0
    Added Reference https://git.kernel.org/stable/c/0d3b5fe47938e9c451466845304a2bd74e967a80
    Added Reference https://git.kernel.org/stable/c/1101867a1711c27d8bbe0e83136bec47f8c1ca2a
    Added Reference https://git.kernel.org/stable/c/38e1f2ee82bacbbfded8f1c06794a443d038d054
    Added Reference https://git.kernel.org/stable/c/5f71716772b88cbe0e1788f6a38d7871aff2120b
    Added Reference https://git.kernel.org/stable/c/d49547950bf7f3480d6ca05fe055978e5f0d9e5b
    Added Reference https://git.kernel.org/stable/c/f23643306430f86e2f413ee2b986e0773e79da31
Vulnerability Scoring Details
No CVSS metrics available for this vulnerability.