
CVE-2024-57914 affects the Linux kernel's USB Type-C Port Controller Interface (TCPCI) driver. The vulnerability was discovered in January 2024 and involves a NULL pointer dereference issue that occurs in the tcpci_irq() function when two Type-C ports share one interrupt. This vulnerability affects Linux kernel versions from 6.12 up to (excluding) 6.12.10, and various release candidates of version 6.13 (NVD).
The vulnerability manifests as a NULL pointer dereference in the tcpci_irq() function when attempting to access the regmap. The issue occurs in shared interrupt scenarios where two Type-C ports share one IRQ. The problem arises when an interrupt is triggered after the first port completes tcpci_register_port(), but before the second port's initialization is complete. The CVSS v3.1 base score is 5.5 (Medium) with vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (NVD).
When exploited, this vulnerability can cause a kernel NULL pointer dereference, leading to a system crash and denial of service. The issue specifically affects systems where multiple Type-C ports share interrupt handlers, potentially causing system instability or crashes (Kernel Patch).
The issue has been fixed in the Linux kernel through a patch that modifies the interrupt handling sequence and ALERT_MASK register setting. The fix involves changing the order of operations in tcpci_probe() and ensuring proper initialization sequence. Users should upgrade to Linux kernel version 6.12.10 or later to address this vulnerability (Kernel Patch).
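A first-pass triage check for the version range stated above, as an added example that is not part of the original report or of the kernel project. The function name `tcpci_cve_status` and its status labels are assumptions made for illustration. Distribution kernels may carry the fix under an older version string, so treat the result as a prompt to check the vendor changelog.

```shell
#!/bin/sh
# Classify a kernel release string (as printed by `uname -r`) against the
# range given in this report: 6.12 up to (excluding) 6.12.10, plus
# unspecified 6.13 release candidates.
# Prints one of: affected | check-rc | not-in-range | unparsed
tcpci_cve_status() {
    rel=$1
    # Keep only the leading numeric version: "6.12.9-arch1-1" -> "6.12.9"
    ver=$(printf '%s\n' "$rel" |
        sed -n 's/^\([0-9][0-9]*\.[0-9][0-9]*\(\.[0-9][0-9]*\)\{0,1\}\).*/\1/p')
    if [ -z "$ver" ]; then
        echo unparsed
        return 0
    fi
    major=${ver%%.*}
    rest=${ver#*.}
    minor=${rest%%.*}
    case $rest in
        *.*) patch=${rest#*.} ;;
        *)   patch=0 ;;
    esac
    # Only the 6.12 and 6.13 series are mentioned in the report.
    if [ "$major" -ne 6 ] || { [ "$minor" -ne 12 ] && [ "$minor" -ne 13 ]; }; then
        echo not-in-range
        return 0
    fi
    case $rel in
        # The report does not say which release candidates are affected,
        # so pre-release builds are flagged for manual review.
        *-rc*) echo check-rc; return 0 ;;
    esac
    if [ "$minor" -eq 12 ] && [ "$patch" -lt 10 ]; then
        echo affected
    else
        echo not-in-range
    fi
    return 0
}

# Classify the running kernel, or a release string passed as the first argument.
tcpci_cve_status "${1:-$(uname -r)}"
```
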
Source: This report was generated using AI