7.8

CVE-2024-40903

usb: typec: tcpm: fix use-after-free case in tcpm_register_source_caps

In the Linux kernel, the following vulnerability has been resolved:

usb: typec: tcpm: fix use-after-free case in tcpm_register_source_caps

There could be a potential use-after-free case in
tcpm_register_source_caps(). This could happen when:
 * new (say invalid) source caps are advertised
 * the existing source caps are unregistered
 * tcpm_register_source_caps() returns with an error as
   usb_power_delivery_register_capabilities() fails

This causes port->partner_source_caps to hold on to the now freed source
caps.

Reset port->partner_source_caps value to NULL after unregistering
existing source caps.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 6.1.61 < 6.1.95
LinuxLinux Kernel Version >= 6.6.31 < 6.6.35
LinuxLinux Kernel Version >= 6.9 < 6.9.6
LinuxLinux Kernel Version6.10 Updaterc1
LinuxLinux Kernel Version6.10 Updaterc2
LinuxLinux Kernel Version6.10 Updaterc3
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.28% 0.198
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

https://git.kernel.org/stable/c/04c05d50fa79a41582f7bde8a1fd4377ae4a39e5
Patch
https://git.kernel.org/stable/c/4053696594d7235f3638d49a00cf0f289e4b36a3
Patch
https://git.kernel.org/stable/c/6b67b652849faf108a09647c7fde9b179ef24e2b
Patch
https://git.kernel.org/stable/c/e7e921918d905544500ca7a95889f898121ba886
Patch
https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html