CVE-2024-40903
- Source
- https://cve.org/CVERecord?id=CVE-2024-40903
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-40903.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2024-40903
- Downstream
- Related
- Published
- 2024-07-12T12:20:44.367Z
- Modified
- 2026-03-13T07:57:13.881382Z
- Summary
- usb: typec: tcpm: fix use-after-free case in tcpm_register_source_caps
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
usb: typec: tcpm: fix use-after-free case in tcpmregistersource_caps
There could be a potential use-after-free case in tcpmregistersourcecaps(). This could happen when: * new (say invalid) source caps are advertised * the existing source caps are unregistered * tcpmregistersourcecaps() returns with an error as usbpowerdeliveryregistercapabilities() fails
This causes port->partnersourcecaps to hold on to the now freed source caps.
Reset port->partnersourcecaps value to NULL after unregistering existing source caps.
- Database specific
{ "cna_assigner": "Linux", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/40xxx/CVE-2024-40903.json" }- References
-
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- https://git.kernel.org/stable/c/04c05d50fa79a41582f7bde8a1fd4377ae4a39e5
- https://git.kernel.org/stable/c/4053696594d7235f3638d49a00cf0f289e4b36a3
- https://git.kernel.org/stable/c/6b67b652849faf108a09647c7fde9b179ef24e2b
- https://git.kernel.org/stable/c/e7e921918d905544500ca7a95889f898121ba886
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/40xxx/CVE-2024-40903.json
- https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html
- https://nvd.nist.gov/vuln/detail/CVE-2024-40903
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedcfcd544a9974c6b6fb37ca385146e4796dcaf66dFixed4053696594d7235f3638d49a00cf0f289e4b36a3
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedb16abab1fb645c4b7a86c357dc83a48cf21c2795Fixed04c05d50fa79a41582f7bde8a1fd4377ae4a39e5
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced230ecdf71a644c9c73e0e6735b33173074ae3f94Fixed6b67b652849faf108a09647c7fde9b179ef24e2bFixede7e921918d905544500ca7a95889f898121ba886
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affected931b5f302d6f7126dbd6879c42d3d6ca580be423