{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-40903", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-07-12T12:17:45.579Z", "datePublished": "2024-07-12T12:20:44.367Z", "dateUpdated": "2024-09-11T17:34:38.436Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-07-15T06:51:09.038Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: typec: tcpm: fix use-after-free case in tcpm_register_source_caps\n\nThere could be a potential use-after-free case in\ntcpm_register_source_caps(). This could happen when:\n * new (say invalid) source caps are advertised\n * the existing source caps are unregistered\n * tcpm_register_source_caps() returns with an error as\n usb_power_delivery_register_capabilities() fails\n\nThis causes port->partner_source_caps to hold on to the now freed source\ncaps.\n\nReset port->partner_source_caps value to NULL after unregistering\nexisting source caps."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/usb/typec/tcpm/tcpm.c"], "versions": [{"version": "cfcd544a9974", "lessThan": "4053696594d7", "status": "affected", "versionType": "git"}, {"version": "b16abab1fb64", "lessThan": "04c05d50fa79", "status": "affected", "versionType": "git"}, {"version": "230ecdf71a64", "lessThan": "6b67b652849f", "status": "affected", "versionType": "git"}, {"version": "230ecdf71a64", "lessThan": "e7e921918d90", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/usb/typec/tcpm/tcpm.c"], "versions": [{"version": "6.9", "status": "affected"}, {"version": "0", "lessThan": "6.9", "status": "unaffected", "versionType": "custom"}, {"version": "6.1.95", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.6.35", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.9.6", "lessThanOrEqual": "6.9.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.10", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/4053696594d7235f3638d49a00cf0f289e4b36a3"}, {"url": "https://git.kernel.org/stable/c/04c05d50fa79a41582f7bde8a1fd4377ae4a39e5"}, {"url": "https://git.kernel.org/stable/c/6b67b652849faf108a09647c7fde9b179ef24e2b"}, {"url": "https://git.kernel.org/stable/c/e7e921918d905544500ca7a95889f898121ba886"}], "title": "usb: typec: tcpm: fix use-after-free case in tcpm_register_source_caps", "x_generator": {"engine": "bippy-c9c4e1df01b2"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:39:54.867Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/4053696594d7235f3638d49a00cf0f289e4b36a3", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/04c05d50fa79a41582f7bde8a1fd4377ae4a39e5", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/6b67b652849faf108a09647c7fde9b179ef24e2b", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/e7e921918d905544500ca7a95889f898121ba886", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-40903", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T17:06:28.165210Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T17:34:38.436Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/4053696594d7235f3638d49a00cf0f289e4b36a3", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/04c05d50fa79a41582f7bde8a1fd4377ae4a39e5", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/6b67b652849faf108a09647c7fde9b179ef24e2b", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/e7e921918d905544500ca7a95889f898121ba886", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:39:54.867Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-40903", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T17:06:28.165210Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T12:42:24.924Z"}}], "cna": {"title": "usb: typec: tcpm: fix use-after-free case in tcpm_register_source_caps", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "cfcd544a9974", "lessThan": "4053696594d7", "versionType": "git"}, {"status": "affected", "version": "b16abab1fb64", "lessThan": "04c05d50fa79", "versionType": "git"}, {"status": "affected", "version": "230ecdf71a64", "lessThan": "6b67b652849f", "versionType": "git"}, {"status": "affected", "version": "230ecdf71a64", "lessThan": "e7e921918d90", "versionType": "git"}], "programFiles": ["drivers/usb/typec/tcpm/tcpm.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "6.9"}, {"status": "unaffected", "version": "0", "lessThan": "6.9", "versionType": "custom"}, {"status": "unaffected", "version": "6.1.95", "versionType": "custom", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.6.35", "versionType": "custom", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.9.6", "versionType": "custom", "lessThanOrEqual": "6.9.*"}, {"status": "unaffected", "version": "6.10", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["drivers/usb/typec/tcpm/tcpm.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/4053696594d7235f3638d49a00cf0f289e4b36a3"}, {"url": "https://git.kernel.org/stable/c/04c05d50fa79a41582f7bde8a1fd4377ae4a39e5"}, {"url": "https://git.kernel.org/stable/c/6b67b652849faf108a09647c7fde9b179ef24e2b"}, {"url": "https://git.kernel.org/stable/c/e7e921918d905544500ca7a95889f898121ba886"}], "x_generator": {"engine": "bippy-c9c4e1df01b2"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: typec: tcpm: fix use-after-free case in tcpm_register_source_caps\n\nThere could be a potential use-after-free case in\ntcpm_register_source_caps(). This could happen when:\n * new (say invalid) source caps are advertised\n * the existing source caps are unregistered\n * tcpm_register_source_caps() returns with an error as\n usb_power_delivery_register_capabilities() fails\n\nThis causes port->partner_source_caps to hold on to the now freed source\ncaps.\n\nReset port->partner_source_caps value to NULL after unregistering\nexisting source caps."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-07-15T06:51:09.038Z"}}}, "cveMetadata": {"cveId": "CVE-2024-40903", "state": "PUBLISHED", "dateUpdated": "2024-09-11T17:34:38.436Z", "dateReserved": "2024-07-12T12:17:45.579Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-07-12T12:20:44.367Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "84374DE2-3256-4B28-905E-BCB7407CE7DE", "versionEndExcluding": "6.1.95", "versionStartIncluding": "6.1.61", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "3775F39F-C7DC-42FB-9E42-7C07CD017B48", "versionEndExcluding": "6.6.35", "versionStartIncluding": "6.6.31", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "A2E0E6CD-2DC0-4E5C-9037-9A023960B2F9", "versionEndExcluding": "6.9.6", "versionStartIncluding": "6.9", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.10:rc1:*:*:*:*:*:*", "matchCriteriaId": "2EBB4392-5FA6-4DA9-9772-8F9C750109FA", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.10:rc2:*:*:*:*:*:*", "matchCriteriaId": "331C2F14-12C7-45D5-893D-8C52EE38EA10", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.10:rc3:*:*:*:*:*:*", "matchCriteriaId": "3173713D-909A-4DD3-9DD4-1E171EB057EE", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: typec: tcpm: fix use-after-free case in tcpm_register_source_caps\n\nThere could be a potential use-after-free case in\ntcpm_register_source_caps(). This could happen when:\n * new (say invalid) source caps are advertised\n * the existing source caps are unregistered\n * tcpm_register_source_caps() returns with an error as\n usb_power_delivery_register_capabilities() fails\n\nThis causes port->partner_source_caps to hold on to the now freed source\ncaps.\n\nReset port->partner_source_caps value to NULL after unregistering\nexisting source caps."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: usb: typec: tcpm: arreglar el caso de use-after-free en tcpm_register_source_caps Podr\u00eda haber un posible caso de use-after-free en tcpm_register_source_caps(). Esto podr\u00eda suceder cuando: * se anuncian l\u00edmites de fuente nuevos (por ejemplo, no v\u00e1lidos) * los l\u00edmites de fuente existentes no est\u00e1n registrados * tcpm_register_source_caps() devuelve un error ya que usb_power_delivery_register_capabilities() falla Esto hace que port->partner_source_caps conserve los l\u00edmites de fuente ahora liberados. Restablezca el valor de puerto->partner_source_caps a NULL despu\u00e9s de cancelar el registro de los l\u00edmites de origen existentes."}], "id": "CVE-2024-40903", "lastModified": "2024-07-24T19:01:54.317", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-07-12T13:15:13.660", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/04c05d50fa79a41582f7bde8a1fd4377ae4a39e5"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/4053696594d7235f3638d49a00cf0f289e4b36a3"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/6b67b652849faf108a09647c7fde9b179ef24e2b"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/e7e921918d905544500ca7a95889f898121ba886"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-416"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: usb: typec: tcpm: fix use-after-free case in tcpm_register_source_caps", "id": "2297487", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2297487"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.2", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:H", "status": "draft"}, "cwe": "CWE-416", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nusb: typec: tcpm: fix use-after-free case in tcpm_register_source_caps\nThere could be a potential use-after-free case in\ntcpm_register_source_caps(). This could happen when:\n* new (say invalid) source caps are advertised\n* the existing source caps are unregistered\n* tcpm_register_source_caps() returns with an error as\nusb_power_delivery_register_capabilities() fails\nThis causes port->partner_source_caps to hold on to the now freed source\ncaps.\nReset port->partner_source_caps value to NULL after unregistering\nexisting source caps.", "A vulnerability was found in the tcpm_register_source_caps function in the Linux kernel's USB Type-C TCPM component. This issue arises when new, potentially invalid source capabilities are advertised while existing capabilities are unregistered, leading to a use-after-free condition if the registration fails."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2024-40903", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-07-12T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-40903\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-40903\nhttps://lore.kernel.org/linux-cve-announce/2024071208-CVE-2024-40903-8fd1@gregkh/T"], "threat_severity": "Moderate", "upstream_fix": "kernel 6.1.95, kernel 6.6.35, kernel 6.9.6, kernel 6.10-rc4"}