CVE-2024-40903

Summary

In the Linux kernel, the following vulnerability has been resolved:

usb: typec: tcpm: fix use-after-free case in tcpm_register_source_caps

There could be a potential use-after-free case in tcpm_register_source_caps(). This could happen when:

  • new (say invalid) source caps are advertised
  • the existing source caps are unregistered
  • tcpm_register_source_caps() returns with an error as usb_power_delivery_register_capabilities() fails

This causes port->partner_source_caps to hold on to the now freed source caps.

Reset port->partner_source_caps value to NULL after unregistering existing source caps.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxcfcd544a9974c6b6fb37ca385146e4796dcaf66d < 4053696594d7235f3638d49a00cf0f289e4b36a3affected
LinuxLinuxb16abab1fb645c4b7a86c357dc83a48cf21c2795 < 04c05d50fa79a41582f7bde8a1fd4377ae4a39e5affected
LinuxLinux230ecdf71a644c9c73e0e6735b33173074ae3f94 < 6b67b652849faf108a09647c7fde9b179ef24e2baffected
LinuxLinux230ecdf71a644c9c73e0e6735b33173074ae3f94 < e7e921918d905544500ca7a95889f898121ba886affected
LinuxLinux931b5f302d6f7126dbd6879c42d3d6ca580be423affected
LinuxLinux6.1.91 < 6.1.95affected
LinuxLinux6.6.31 < 6.6.35affected
LinuxLinux6.8.10 < 6.9affected
LinuxLinux6.9affected
LinuxLinux0 < 6.9unaffected
LinuxLinux6.1.95 <= 6.1.*unaffected
LinuxLinux6.6.35 <= 6.6.*unaffected
LinuxLinux6.9.6 <= 6.9.*unaffected
LinuxLinux6.10 <= *unaffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References