Description

In the Linux kernel, the following vulnerability has been resolved: usb: typec: tcpm: fix use-after-free case in tcpm_register_source_caps There could be a potential use-after-free case in tcpm_register_source_caps(). This could happen when: * new (say invalid) source caps are advertised * the existing source caps are unregistered * tcpm_register_source_caps() returns with an error as usb_power_delivery_register_capabilities() fails This causes port->partner_source_caps to hold on to the now freed source caps. Reset port->partner_source_caps value to NULL after unregistering existing source caps.

INFO

Published Date :

2024-07-12T12:20:44.367Z

Last Modified :

2025-11-03T21:57:31.827Z

Source :

Linux
AFFECTED PRODUCTS

The following products are affected by CVE-2024-40903 vulnerability.

Vendors Products
Linux
  • Linux Kernel
Redhat
  • Enterprise Linux
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-40903.

URL Resource
https://git.kernel.org/stable/c/04c05d50fa79a41582f7bde8a1fd4377ae4a39e5 cve-icon cve-icon
https://git.kernel.org/stable/c/4053696594d7235f3638d49a00cf0f289e4b36a3 cve-icon cve-icon
https://git.kernel.org/stable/c/6b67b652849faf108a09647c7fde9b179ef24e2b cve-icon cve-icon
https://git.kernel.org/stable/c/e7e921918d905544500ca7a95889f898121ba886 cve-icon cve-icon
https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html cve-icon
https://lore.kernel.org/linux-cve-announce/2024071208-CVE-2024-40903-8fd1@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2024-40903 cve-icon
https://www.cve.org/CVERecord?id=CVE-2024-40903 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact