CVE-2024-40903

In the Linux kernel, the following vulnerability has been resolved: usb: typec: tcpm: fix use-after-free case in tcpm_register_source_caps There could be a potential use-after-free case in tcpm_register_source_caps(). This could happen when: * new (say invalid) source caps are advertised * the existing source caps are unregistered * tcpm_register_source_caps() returns with an error as usb_power_delivery_register_capabilities() fails This causes port->partner_source_caps to hold on to the now freed source caps. Reset port->partner_source_caps value to NULL after unregistering existing source caps.

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/04c05d50fa79a41582f7bde8a1fd4377ae4a39e5	Patch
https://git.kernel.org/stable/c/4053696594d7235f3638d49a00cf0f289e4b36a3	Patch
https://git.kernel.org/stable/c/6b67b652849faf108a09647c7fde9b179ef24e2b	Patch
https://git.kernel.org/stable/c/e7e921918d905544500ca7a95889f898121ba886	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:6.10:rc1::::::
	cpe:2.3:o:linux:linux_kernel:6.10:rc2::::::
	cpe:2.3:o:linux:linux_kernel:6.10:rc3::::::

History

24 Jul 2024, 19:01

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.8
CPE		cpe:2.3:o:linux:linux_kernel:6.10:rc1:::::: cpe:2.3:o:linux:linux_kernel:6.10:rc2:::::: cpe:2.3:o:linux:linux_kernel:::::::: cpe:2.3:o:linux:linux_kernel:6.10:rc3::::::
First Time		Linux Linux linux Kernel
CWE		CWE-416
Summary		(es) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: usb: typec: tcpm: arreglar el caso de use-after-free en tcpm_register_source_caps Podría haber un posible caso de use-after-free en tcpm_register_source_caps(). Esto podría suceder cuando: * se anuncian límites de fuente nuevos (por ejemplo, no válidos) * los límites de fuente existentes no están registrados * tcpm_register_source_caps() devuelve un error ya que usb_power_delivery_register_capabilities() falla Esto hace que port->partner_source_caps conserve los límites de fuente ahora liberados. Restablezca el valor de puerto->partner_source_caps a NULL después de cancelar el registro de los límites de origen existentes.
References	~~() https://git.kernel.org/stable/c/04c05d50fa79a41582f7bde8a1fd4377ae4a39e5 -~~	() https://git.kernel.org/stable/c/04c05d50fa79a41582f7bde8a1fd4377ae4a39e5 - Patch
References	~~() https://git.kernel.org/stable/c/4053696594d7235f3638d49a00cf0f289e4b36a3 -~~	() https://git.kernel.org/stable/c/4053696594d7235f3638d49a00cf0f289e4b36a3 - Patch
References	~~() https://git.kernel.org/stable/c/6b67b652849faf108a09647c7fde9b179ef24e2b -~~	() https://git.kernel.org/stable/c/6b67b652849faf108a09647c7fde9b179ef24e2b - Patch
References	~~() https://git.kernel.org/stable/c/e7e921918d905544500ca7a95889f898121ba886 -~~	() https://git.kernel.org/stable/c/e7e921918d905544500ca7a95889f898121ba886 - Patch

12 Jul 2024, 13:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-07-12 13:15

Updated : 2024-07-24 19:01

NVD link : CVE-2024-40903

Mitre link : CVE-2024-40903

CVE.ORG link : CVE-2024-40903

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-416

Use After Free

7.8 /10