CVE-2024-53149
📋 TL;DR
This vulnerability is an off-by-one error in the Linux kernel's UCSI (USB Type-C Connector System Software Interface) driver for PMIC Glink. It causes incorrect Type-C orientation reporting for the third USB-C connector on affected systems. This affects Linux systems with specific Qualcomm PMIC hardware and multiple USB-C ports.
💻 Affected Systems
- Linux kernel with PMIC Glink UCSI driver
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Incorrect Type-C orientation reporting could lead to improper power delivery, potential device damage, or data transfer issues on the affected USB-C port.
Likely Case
Intermittent USB-C connectivity problems, incorrect power negotiation, or orientation-dependent functionality failures on the third USB-C port.
If Mitigated
Minor connectivity issues that may be mistaken for hardware problems rather than software bugs.
🎯 Exploit Status
This is a logic bug requiring specific hardware and triggering conditions. No known exploitation in the wild.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Linux kernel with commits 4a22918810980897393fa1776ea3877e4baf8cca, 6ba6f7f29e0dff47a2799e60dcd1b5c29cd811a5, 8a2273e5c1beb285729aa001422967b4711c53fe, or 9a5a8b5bd72169aa7a8ec800ef57be2f2cb4d9b2
Vendor Advisory: https://git.kernel.org/stable/c/4a22918810980897393fa1776ea3877e4baf8cca
Restart Required: Yes
Instructions:
1. Update Linux kernel to version containing the fix commits.
2. For distributions: Use package manager to update kernel package.
3. Reboot system to load new kernel.
🔧 Temporary Workarounds
Avoid third USB-C port
Do not use the third USB-C connector on affected systems.
🧯 If You Can't Patch
- Monitor USB-C connectivity issues and avoid using the third port if problems occur
- Consider disabling the affected USB-C port in BIOS/UEFI if supported
🔍 How to Verify
Check if Vulnerable:
Check if system uses PMIC Glink UCSI driver: 'lsmod | grep ucsi' and 'dmesg | grep pmic_glink'. Check kernel version against affected range.
Check Version:
uname -r
Verify Fix Applied:
Verify kernel version includes fix commits: 'uname -r' and check kernel changelog for the specific commit hashes.
📡 Detection & Monitoring
Log Indicators:
- Kernel logs showing USB-C orientation errors
- dmesg entries related to ucsi or pmic_glink failures
SIEM Query:
source="kernel" AND ("ucsi" OR "pmic_glink") AND (error OR fail)
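The "Check if Vulnerable" commands and the SIEM query above, combined into one shell helper. This is an added example, not part of the advisory or the kernel project; the function names, the module list and the log lines are constructed for illustration and are not real driver messages.

```shell
#!/bin/sh
# Added example. SAMPLE_LSMOD and SAMPLE_DMESG are constructed inputs.

# Succeeds only when both of the page's checks hit: a ucsi module in the
# lsmod text ($1) and a pmic_glink mention in the kernel log text ($2).
# A ucsi match alone is not enough, because the generic typec_ucsi core and
# other UCSI back ends such as ucsi_acpi also match 'grep ucsi'.
uses_glink_ucsi() {
    printf '%s\n' "$1" | grep -q 'ucsi' || return 1
    printf '%s\n' "$2" | grep -q 'pmic_glink'
}

# Prints the kernel log lines ($1) that satisfy the page's SIEM query:
# ("ucsi" OR "pmic_glink") AND (error OR fail), matched case-insensitively.
indicator_lines() {
    printf '%s\n' "$1" | grep -Ei 'ucsi|pmic_glink' | grep -Ei 'error|fail' || true
}

# Prints the number of indicator lines in the kernel log text ($1).
indicator_count() {
    indicator_lines "$1" | grep -c . || true
}

SAMPLE_LSMOD='Module                  Size  Used by
ucsi_glink             16384  0
typec_ucsi             57344  1 ucsi_glink
pmic_glink             20480  1 ucsi_glink'

# The last line has no ucsi/pmic_glink tag, so the query does not catch it.
SAMPLE_DMESG='[    4.812345] pmic_glink soc:pmic-glink: connected
[    5.101010] pmic_glink.ucsi.0: failed to read orientation
[    5.202020] usb 1-1: new high-speed USB device number 2 using xhci-hcd
[    6.303030] typec port2: orientation error'

if uses_glink_ucsi "$SAMPLE_LSMOD" "$SAMPLE_DMESG"; then
    echo "PMIC Glink UCSI in use; indicator lines: $(indicator_count "$SAMPLE_DMESG")"
    indicator_lines "$SAMPLE_DMESG"
else
    echo "PMIC Glink UCSI driver not detected"
fi
# On a live host, pass "$(lsmod)" and "$(dmesg)" instead of the samples.
```

Drivers built into the kernel image do not appear in lsmod output, so a negative result from the module check alone does not rule the driver out.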