In the Linux kernel, the following vulnerability has been resolved:
usb: typec: tcpm: fix use-after-free case in tcpmregistersource_caps
There could be a potential use-after-free case in tcpmregistersourcecaps(). This could happen when: * new (say invalid) source caps are advertised * the existing source caps are unregistered * tcpmregistersourcecaps() returns with an error as usbpowerdeliveryregistercapabilities() fails
This causes port->partnersourcecaps to hold on to the now freed source caps.
Reset port->partnersourcecaps value to NULL after unregistering existing source caps.