mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-05-28 09:11:28 +00:00
132 lines
5.0 KiB
JSON
132 lines
5.0 KiB
JSON
{
|
|
"id": "CVE-2024-40903",
|
|
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
|
|
"published": "2024-07-12T13:15:13.660",
|
|
"lastModified": "2024-07-24T19:01:54.317",
|
|
"vulnStatus": "Analyzed",
|
|
"cveTags": [],
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: typec: tcpm: fix use-after-free case in tcpm_register_source_caps\n\nThere could be a potential use-after-free case in\ntcpm_register_source_caps(). This could happen when:\n * new (say invalid) source caps are advertised\n * the existing source caps are unregistered\n * tcpm_register_source_caps() returns with an error as\n usb_power_delivery_register_capabilities() fails\n\nThis causes port->partner_source_caps to hold on to the now freed source\ncaps.\n\nReset port->partner_source_caps value to NULL after unregistering\nexisting source caps."
|
|
},
|
|
{
|
|
"lang": "es",
|
|
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: usb: typec: tcpm: arreglar el caso de use-after-free en tcpm_register_source_caps Podr\u00eda haber un posible caso de use-after-free en tcpm_register_source_caps(). Esto podr\u00eda suceder cuando: * se anuncian l\u00edmites de fuente nuevos (por ejemplo, no v\u00e1lidos) * los l\u00edmites de fuente existentes no est\u00e1n registrados * tcpm_register_source_caps() devuelve un error ya que usb_power_delivery_register_capabilities() falla Esto hace que port->partner_source_caps conserve los l\u00edmites de fuente ahora liberados. Restablezca el valor de puerto->partner_source_caps a NULL despu\u00e9s de cancelar el registro de los l\u00edmites de origen existentes."
|
|
}
|
|
],
|
|
"metrics": {
|
|
"cvssMetricV31": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "3.1",
|
|
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
|
|
"attackVector": "LOCAL",
|
|
"attackComplexity": "LOW",
|
|
"privilegesRequired": "LOW",
|
|
"userInteraction": "NONE",
|
|
"scope": "UNCHANGED",
|
|
"confidentialityImpact": "HIGH",
|
|
"integrityImpact": "HIGH",
|
|
"availabilityImpact": "HIGH",
|
|
"baseScore": 7.8,
|
|
"baseSeverity": "HIGH"
|
|
},
|
|
"exploitabilityScore": 1.8,
|
|
"impactScore": 5.9
|
|
}
|
|
]
|
|
},
|
|
"weaknesses": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-416"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"configurations": [
|
|
{
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "6.1.61",
|
|
"versionEndExcluding": "6.1.95",
|
|
"matchCriteriaId": "84374DE2-3256-4B28-905E-BCB7407CE7DE"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "6.6.31",
|
|
"versionEndExcluding": "6.6.35",
|
|
"matchCriteriaId": "3775F39F-C7DC-42FB-9E42-7C07CD017B48"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "6.9",
|
|
"versionEndExcluding": "6.9.6",
|
|
"matchCriteriaId": "A2E0E6CD-2DC0-4E5C-9037-9A023960B2F9"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:linux:linux_kernel:6.10:rc1:*:*:*:*:*:*",
|
|
"matchCriteriaId": "2EBB4392-5FA6-4DA9-9772-8F9C750109FA"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:linux:linux_kernel:6.10:rc2:*:*:*:*:*:*",
|
|
"matchCriteriaId": "331C2F14-12C7-45D5-893D-8C52EE38EA10"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:linux:linux_kernel:6.10:rc3:*:*:*:*:*:*",
|
|
"matchCriteriaId": "3173713D-909A-4DD3-9DD4-1E171EB057EE"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"references": [
|
|
{
|
|
"url": "https://git.kernel.org/stable/c/04c05d50fa79a41582f7bde8a1fd4377ae4a39e5",
|
|
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
|
|
"tags": [
|
|
"Patch"
|
|
]
|
|
},
|
|
{
|
|
"url": "https://git.kernel.org/stable/c/4053696594d7235f3638d49a00cf0f289e4b36a3",
|
|
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
|
|
"tags": [
|
|
"Patch"
|
|
]
|
|
},
|
|
{
|
|
"url": "https://git.kernel.org/stable/c/6b67b652849faf108a09647c7fde9b179ef24e2b",
|
|
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
|
|
"tags": [
|
|
"Patch"
|
|
]
|
|
},
|
|
{
|
|
"url": "https://git.kernel.org/stable/c/e7e921918d905544500ca7a95889f898121ba886",
|
|
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
|
|
"tags": [
|
|
"Patch"
|
|
]
|
|
}
|
|
]
|
|
} |