CVE-2024-26995

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The issue is related to off-by-one errors in the Linux kernel's USB Type-C TCPM (TCPM - Type-C Port Manager) module, specifically in the pd set function. These errors occur because nr snk pdo and nr src pdo are incorrectly incremented by one. As a result, when doing power negotiation, TCPM relies on the incorrect size of the local sink PDO array (nr snk pdo) to match the Source capabilities of the partner port. This can lead to a wrong RDO being sent, causing unexpected power transfer, such as overvoltage or overcurrent. Similarly, nr src pdo is used to set the Rp level when the port is in Source role and to fill up the buffer with local Source capabilities for Power Negotiation. If an off-by-one overflow occurs, a wrong Rp level might be set, and wrong Source PDOs will be sent to the partner port, potentially causing overcurrent or port resets.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.