Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2024-40903

Опубликовано: 12 июл. 2024
Источник: nvd
CVSS3: 7.8
EPSS Низкий

Описание

In the Linux kernel, the following vulnerability has been resolved:

usb: typec: tcpm: fix use-after-free case in tcpm_register_source_caps

There could be a potential use-after-free case in tcpm_register_source_caps(). This could happen when:

  • new (say invalid) source caps are advertised
  • the existing source caps are unregistered
  • tcpm_register_source_caps() returns with an error as usb_power_delivery_register_capabilities() fails

This causes port->partner_source_caps to hold on to the now freed source caps.

Reset port->partner_source_caps value to NULL after unregistering existing source caps.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Версия от 6.1.61 (включая) до 6.1.95 (исключая)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Версия от 6.6.31 (включая) до 6.6.35 (исключая)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Версия от 6.9 (включая) до 6.9.6 (исключая)
cpe:2.3:o:linux:linux_kernel:6.10:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.10:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.10:rc3:*:*:*:*:*:*

EPSS

Процентиль: 14%
0.00046
Низкий

7.8 High

CVSS3

Дефекты

CWE-416

Связанные уязвимости

ubuntu логотип

CVE-2024-40903

CVSS3: 7.8
ubuntu
11 месяцев назад

In the Linux kernel, the following vulnerability has been resolved: usb: typec: tcpm: fix use-after-free case in tcpm_register_source_caps There could be a potential use-after-free case in tcpm_register_source_caps(). This could happen when: * new (say invalid) source caps are advertised * the existing source caps are unregistered * tcpm_register_source_caps() returns with an error as usb_power_delivery_register_capabilities() fails This causes port->partner_source_caps to hold on to the now freed source caps. Reset port->partner_source_caps value to NULL after unregistering existing source caps.

redhat логотип

CVE-2024-40903

CVSS3: 5.2
redhat
11 месяцев назад

In the Linux kernel, the following vulnerability has been resolved: usb: typec: tcpm: fix use-after-free case in tcpm_register_source_caps There could be a potential use-after-free case in tcpm_register_source_caps(). This could happen when: * new (say invalid) source caps are advertised * the existing source caps are unregistered * tcpm_register_source_caps() returns with an error as usb_power_delivery_register_capabilities() fails This causes port->partner_source_caps to hold on to the now freed source caps. Reset port->partner_source_caps value to NULL after unregistering existing source caps.

debian логотип

CVE-2024-40903

CVSS3: 7.8
debian
11 месяцев назад

In the Linux kernel, the following vulnerability has been resolved: u ...

github логотип

GHSA-h2pc-hp6x-5m8m

CVSS3: 7.8
github
11 месяцев назад

In the Linux kernel, the following vulnerability has been resolved: usb: typec: tcpm: fix use-after-free case in tcpm_register_source_caps There could be a potential use-after-free case in tcpm_register_source_caps(). This could happen when: * new (say invalid) source caps are advertised * the existing source caps are unregistered * tcpm_register_source_caps() returns with an error as usb_power_delivery_register_capabilities() fails This causes port->partner_source_caps to hold on to the now freed source caps. Reset port->partner_source_caps value to NULL after unregistering existing source caps.

fstec логотип

BDU:2024-07750

CVSS3: 7.8
fstec
около 1 года назад

Уязвимость функции tcpm_register_source_caps() драйвера контроллера USB Type-C ядра операционной системы Linux, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации

EPSS

Процентиль: 14%
0.00046
Низкий

7.8 High

CVSS3

Дефекты

CWE-416