Linux · Linux Kernel · CVE-2024-40903
Name of the Vulnerable Software and Affected Versions:
Linux kernel (affected versions not specified)
Description:
The issue is related to a potential use-after-free case in the `tcpm register source caps()` function. This could happen when new source caps are advertised, existing source caps are unregistered, and `tcpm register source caps()` returns with an error due to `usb power delivery register capabilities()` failing. As a result, `port->partner source caps` holds on to the now freed source caps. The problem can be resolved by resetting the `port->partner source caps` value to NULL after unregistering existing source caps.
Recommendations:
At the moment, there is no information about a newer version that contains a fix for this vulnerability.