CVE-2026-53028
Awaiting Analysis Awaiting Analysis - Queue

Null pointer dereference in Linux kernel USB Type-C driver

Vulnerability report for CVE-2026-53028, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-06-24

Last updated on: 2026-07-10

Assigner: kernel.org

Description

In the Linux kernel, the following vulnerability has been resolved: usb: typec: Fix error pointer dereference The variable tps->partner is checked for an error pointer and then if it is, it sends an error message but does not return and then immediately dereferenced a few lines below: tps->partner = typec_register_partner(tps->port, &desc); if (IS_ERR(tps->partner)) dev_warn(tps->dev, "%s: failed to register partnet\n", __func__); if (desc.identity) { typec_partner_set_identity(tps->partner); cd321x->cur_partner_identity = st.partner_identity; } Add early return and fix spelling mistake in error message. Detected by Smatch: drivers/usb/typec/tipd/core.c:827 cd321x_update_work() error: 'tps->partner' dereferencing possible ERR_PTR()

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-24
Last Modified
2026-07-10
Generated
2026-07-15
AI Q&A
2026-06-24
EPSS Evaluated
2026-07-13
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
linux linux_kernel *

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Impact Analysis

Dereferencing an error pointer in kernel code can lead to undefined behavior, including kernel crashes or system instability. This can cause denial of service by crashing the system or potentially lead to other unintended consequences depending on the context in which the error occurs.

Executive Summary

This vulnerability exists in the Linux kernel's USB Type-C driver code. Specifically, the variable 'tps->partner' is assigned a value that may be an error pointer. The code checks if 'tps->partner' is an error pointer and logs a warning if so, but it does not return early. Instead, it continues and dereferences 'tps->partner' immediately afterward, which can lead to an error pointer dereference.

The fix involved adding an early return after detecting the error pointer to prevent dereferencing it, as well as correcting a spelling mistake in the error message.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-53028. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart