CVE-2024-26932: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved:

usb: typec: tcpm: fix double-free issue in tcpm_port_unregister_pd()

When unregistering pd capabilities in tcpm, KASAN will capture the below double-free issue. The root cause is that the same capability will be kfreed twice: the first time it is kfreed by pd_capabilities_release() and the second time it is explicitly kfreed by tcpm_port_unregister_pd().

[ 3.988059] BUG: KASAN: double-free in tcpm_port_unregister_pd+0x1a4/0x3dc
[ 3.995001] Free of addr ffff0008164d3000 by task kworker/u16:0/10
[ 4.001206]
[ 4.002712] CPU: 2 PID: 10 Comm: kworker/u16:0 Not tainted 6.8.0-rc5-next-20240220-05616-g52728c567a55 #53
[ 4.012402] Hardware name: Freescale i.MX8QXP MEK (DT)
[ 4.017569] Workqueue: events_unbound deferred_probe_work_func
[ 4.023456] Call trace:
[ 4.025920] dump_backtrace+0x94/0xec
[ 4.029629] show_stack+0x18/0x24
[ 4.032974] dump_stack_lvl+0x78/0x90
[ 4.036675] print_report+0xfc/0x5c0
[ 4.040289] kasan_report_invalid_free+0xa0/0xc0
[ 4.044937] __kasan_slab_free+0x124/0x154
[ 4.049072] kfree+0xb4/0x1e8
[ 4.052069] tcpm_port_unregister_pd+0x1a4/0x3dc
[ 4.056725] tcpm_register_port+0x1dd0/0x2558
[ 4.061121] tcpci_register_port+0x420/0x71c
[ 4.065430] tcpci_probe+0x118/0x2e0

To fix the issue, this will remove kfree() from tcpm_port_unregister_pd().
AI Analysis
Technical Summary
CVE-2024-26932 is a high-severity vulnerability in the Linux kernel's USB Type-C Port Manager (TCPM) subsystem. The flaw is a double-free memory error in tcpm_port_unregister_pd(), the function that unregisters Power Delivery (PD) capabilities for USB Type-C ports. The same PD capability structure is freed twice: once by pd_capabilities_release() and again explicitly by tcpm_port_unregister_pd(). The Kernel Address Sanitizer (KASAN) detects this condition and reports it as an invalid free. The issue can lead to memory corruption, potentially allowing an attacker with limited privileges to cause a kernel crash (denial of service) or, in some cases, execute arbitrary code with kernel privileges due to corrupted kernel memory structures.
Exploitation requires local access (AV:L) with low privileges (PR:L) and no user interaction (UI:N), meaning an attacker must already have some level of access to the system. The vulnerability affects specific Linux kernel versions, including the 6.8.0-rc5-next-20240220 release candidate, and is rooted in the USB Type-C TCPM code managing PD capabilities. The fix removes the redundant kfree() call in tcpm_port_unregister_pd(), which prevents the double-free condition. The vulnerability is categorized under CWE-415 (Double Free), a common memory management error with serious security implications in kernel code. No known exploits are currently reported in the wild, but the high CVSS score of 7.8 reflects the significant risk posed by this flaw due to its impact on confidentiality, integrity, and availability of affected systems.
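The ownership mistake described above, as an added user-space C model (not kernel code and not the upstream patch). It assumes the first free happens in a release callback when the last reference is dropped; all names are hypothetical, and model_kfree() only records an invalid free, much as KASAN reports one, instead of corrupting memory.

```c
#include <stdio.h>

/* Constructed user-space model; every name here is hypothetical. */
struct caps { int refs; int slot; };
static struct caps pool[4];
static int live[4];         /* 1 while the slot is allocated */
static int invalid_frees;   /* frees of an already-freed object */

static struct caps *caps_alloc(void) {
    for (int i = 0; i < 4; i++)
        if (!live[i]) {
            live[i] = 1; pool[i].refs = 1; pool[i].slot = i;
            return &pool[i];
        }
    return NULL;
}

/* Stand-in for kfree(): counts a second free instead of performing it. */
static void model_kfree(struct caps *c) {
    if (!live[c->slot]) { invalid_frees++; return; }
    live[c->slot] = 0;
}

/* Release callback: owns the free, in the role the description gives
 * to pd_capabilities_release(). */
static void caps_release(struct caps *c) { model_kfree(c); }

/* Dropping the last reference triggers the release callback (assumption). */
static void caps_put(struct caps *c) { if (--c->refs == 0) caps_release(c); }

/* Pre-fix shape: drop the reference, then also free explicitly. */
static void unregister_buggy(struct caps *c) { caps_put(c); model_kfree(c); }

/* Post-fix shape: the release callback is the only place that frees. */
static void unregister_fixed(struct caps *c) { caps_put(c); }

/* Invalid frees seen during one register/unregister cycle (-1 if pool full). */
int run_cycle(int fixed) {
    struct caps *c = caps_alloc();
    invalid_frees = 0;
    if (!c) return -1;
    if (fixed) unregister_fixed(c); else unregister_buggy(c);
    return invalid_frees;
}

int main(void) {
    printf("buggy: %d invalid free(s)\n", run_cycle(0));
    printf("fixed: %d invalid free(s)\n", run_cycle(1));
    return 0;
}
```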
Potential Impact
For European organizations, this vulnerability poses a significant risk primarily to systems running vulnerable Linux kernel versions with USB Type-C support enabled, particularly those using the TCPM subsystem for power delivery management. The impact includes potential local privilege escalation, allowing attackers with limited access to compromise the kernel, leading to full system control. This can result in data breaches, disruption of critical services, and compromise of sensitive information. Industries relying heavily on Linux-based infrastructure, such as telecommunications, finance, manufacturing, and public sector entities, could face operational disruptions and reputational damage. Additionally, embedded systems and IoT devices using affected Linux kernels, common in industrial control systems and smart devices across Europe, may be vulnerable, increasing the attack surface. The requirement for local access limits remote exploitation but does not eliminate risk, especially in environments where insider threats or compromised user accounts exist. The vulnerability's ability to affect confidentiality, integrity, and availability simultaneously makes it a critical concern for maintaining compliance with European data protection regulations like GDPR, as exploitation could lead to unauthorized data access or service outages.
Mitigation Recommendations
European organizations should prioritize patching affected Linux kernel versions by applying updates that remove the redundant kfree() call in tcpm_port_unregister_pd(). Since the vulnerability is in the kernel USB Type-C TCPM subsystem, organizations should audit their Linux systems to identify those with vulnerable kernel versions and USB Type-C PD support enabled. For systems where immediate patching is not feasible, consider disabling USB Type-C Power Delivery features or restricting local user access to minimize exploitation risk. Implement strict access controls and monitoring for local user activities, especially on systems with USB Type-C ports. Run kernels built with the Kernel Address Sanitizer (KASAN) in testing environments to detect similar memory errors proactively. Additionally, maintain robust endpoint security solutions that can detect anomalous kernel behavior or privilege escalation attempts. Regularly review and update security policies to limit local user privileges and enforce the principle of least privilege. Finally, ensure comprehensive incident response plans are in place to quickly address any exploitation attempts.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Italy, Spain, Poland
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2024-02-19T14:20:24.195Z
- Cisa Enriched: true
- Cvss Version: 3.1
- State: PUBLISHED
Threat ID: 682d9829c4522896dcbe2e80
Added to database: 5/21/2025, 9:08:57 AM
Last enriched: 7/3/2025, 1:12:56 AM
Last updated: 8/17/2025, 2:50:03 PM