CVE-2026-53028
Received - Intake
Null pointer dereference in Linux kernel USB Type-C driver

Publication date: 2026-06-24

Last updated on: 2026-06-24

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved:

usb: typec: Fix error pointer dereference

The variable tps->partner is checked for an error pointer and then if it is, it sends an error message but does not return and then immediately dereferenced a few lines below:

    tps->partner = typec_register_partner(tps->port, &desc);
    if (IS_ERR(tps->partner))
        dev_warn(tps->dev, "%s: failed to register partnet\n", __func__);

    if (desc.identity) {
        typec_partner_set_identity(tps->partner);
        cd321x->cur_partner_identity = st.partner_identity;
    }

Add early return and fix spelling mistake in error message.

Detected by Smatch:
drivers/usb/typec/tipd/core.c:827 cd321x_update_work() error: 'tps->partner' dereferencing possible ERR_PTR()

Affected Vendors & Products
Vendor   Product        Version / Range
linux    linux_kernel   *

Impact Analysis

Dereferencing an error pointer in kernel code can lead to undefined behavior, including kernel crashes or system instability. This can cause denial of service by crashing the system or potentially lead to other unintended consequences depending on the context in which the error occurs.

Executive Summary

This vulnerability exists in the Linux kernel's USB Type-C driver code. Specifically, the variable 'tps->partner' is assigned a value that may be an error pointer. The code checks if 'tps->partner' is an error pointer and logs a warning if so, but it does not return early. Instead, it continues and dereferences 'tps->partner' immediately afterward, which can lead to an error pointer dereference.

The fix involved adding an early return after detecting the error pointer to prevent dereferencing it, as well as correcting a spelling mistake in the error message.
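
The pattern described above, modelled in user space as an added example (not the kernel patch or the driver's code). register_partner(), set_identity(), update_before_fix() and update_after_fix() are hypothetical stand-ins, and the use of an error pointer is reported as -EFAULT instead of crashing so that both flows can be run side by side.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_ERRNO 4095  /* as in the kernel's err.h: top 4095 addresses carry -errno */
static void *ERR_PTR(long err) { return (void *)err; }
static long PTR_ERR(const void *p) { return (long)p; }
static bool IS_ERR(const void *p) { return (uintptr_t)p >= (uintptr_t)-MAX_ERRNO; }
static struct partner { int identity_set; } good_partner;  /* hypothetical stand-in */

/* Hypothetical stand-in for typec_register_partner(). */
static struct partner *register_partner(bool fail)
{
    return fail ? ERR_PTR(-ENOMEM) : &good_partner;
}

/* Stand-in for typec_partner_set_identity(): a use of an error pointer is reported. */
static long set_identity(struct partner *p)
{
    if (IS_ERR(p))
        return -EFAULT;
    p->identity_set = 1;
    return 0;
}

/* Pre-fix flow from the description: warn, then fall through to the use. */
static long update_before_fix(bool fail)
{
    struct partner *p = register_partner(fail);
    if (IS_ERR(p))
        fprintf(stderr, "%s: failed to register partner\n", __func__);
    return set_identity(p);
}

/* Post-fix flow: warn and return before any use (return value is this model's own). */
static long update_after_fix(bool fail)
{
    struct partner *p = register_partner(fail);
    if (IS_ERR(p)) {
        fprintf(stderr, "%s: failed to register partner\n", __func__);
        return PTR_ERR(p);
    }
    return set_identity(p);
}

int main(void)
{
    printf("before: %ld, after: %ld\n", update_before_fix(true), update_after_fix(true));
}
```

A NULL check would not catch this case: an error pointer is a non-NULL value near the top of the address space, which is why the check has to be IS_ERR() and the error branch has to leave the function.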
