Linux Kernel xHCI NULL Pointer Dereference Vulnerability in Debugfs Port Link Info Files

Vulnerability

A NULL pointer dereference vulnerability has been identified in the Linux kernel's xHCI debugfs Port Link Info (PORTLI) files. This issue arises when the number of port registers in 'xhci->max_ports' exceeds those indicated by the Supported Protocol capabilities. Such a discrepancy can occur if 'max_ports' surpasses the maximum port number or if there are gaps between ports of varying speeds, leading to 'port->rhub' being NULL. Consequently, the xHCI information cannot be accessed. The vulnerability has been addressed by implementing a NULL check and modifying the PORTLI output to avoid dereferencing the NULL pointer.
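The failure mode and the guard described above, as an added example that is not the kernel's code: a simplified userspace C model in which the struct, function and roothub names are hypothetical and the port layout is constructed. It assumes that ports outside every Supported Protocol range keep a NULL rhub, and it formats PORTLI only after checking that pointer.

```c
#include <stdio.h>
#include <string.h>

/* Simplified userspace model; all names are hypothetical, not the kernel's. */
struct model_rhub { const char *name; };
struct model_port { unsigned int portli; struct model_rhub *rhub; };

#define MAX_PORTS 6 /* stands in for xhci->max_ports */
static struct model_rhub usb2_rhub = { "usb2" }, usb3_rhub = { "usb3" };
static struct model_port ports[MAX_PORTS];

/* Assign a roothub only to ports inside one Supported Protocol range
 * (1-based port offset and port count). */
static void map_protocol(struct model_rhub *rhub, int offset, int count)
{
    for (int i = offset - 1; i < offset - 1 + count && i < MAX_PORTS; i++)
        ports[i].rhub = rhub;
}

/* Constructed layout: USB2 covers ports 1-2, USB3 covers ports 4-5.
 * Port 3 (gap between speeds) and port 6 (past the last range) stay NULL. */
static void setup_constructed_layout(void)
{
    memset(ports, 0, sizeof(ports));
    map_protocol(&usb2_rhub, 1, 2);
    map_protocol(&usb3_rhub, 4, 2);
}

/* Guarded PORTLI formatter: rhub is checked before any dereference.
 * Returns 0 for a mapped port, -1 for a port with no roothub. */
static int portli_show(const struct model_port *port, char *buf, size_t len)
{
    if (!port->rhub) {
        snprintf(buf, len, "0x%08x (no roothub)", port->portli);
        return -1;
    }
    snprintf(buf, len, "0x%08x %s", port->portli, port->rhub->name);
    return 0;
}

int main(void)
{
    char buf[64];
    setup_constructed_layout();
    for (int i = 0; i < MAX_PORTS; i++) {
        portli_show(&ports[i], buf, sizeof(buf));
        printf("port%02d: %s\n", i + 1, buf);
    }
    return 0;
}
```

Without the `!port->rhub` branch, the second `snprintf` would read `port->rhub->name` through a NULL pointer for ports 3 and 6 of this layout.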

Impact

Exploitation of this vulnerability leads to a NULL pointer dereference, causing a system crash.

Added: May 8, 2026, 8:26 PM
Updated: May 8, 2026, 8:26 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 2.5
exploitability: 3.5
remediation: 7.7
relevance: 7.8
threat: 3.2
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.