CVE-2024-56561
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
In the Linux kernel, the following vulnerability has been resolved:
PCI: endpoint: Fix PCI domain ID release in pci_epc_destroy()
pci_epc_destroy() invokes pci_bus_release_domain_nr() to release the PCI domain ID, but there are two issues:
'epc->dev' is passed to pci_bus_release_domain_nr() which was already freed by device_unregister(), leading to a use-after-free issue.
Domain ID corresponds to the EPC device parent, so passing 'epc->dev' is also wrong.
Fix these issues by passing 'epc->dev.parent' to pci_bus_release_domain_nr() and also do it before device_unregister().
[mani: reworded subject and description]
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 0328947c50324cf4b2d8b181bf948edb8101f59f < c74a1df6c2a2df7dd45c3fc1a5edc29a075dcf22 | affected |
| Linux | Linux | 0328947c50324cf4b2d8b181bf948edb8101f59f < 4acc902ed3743edd4ac2d3846604a99d17104359 | affected |
| Linux | Linux | a4934cd7a18d35fc57025f23773f6f19e2b2dbb1 | affected |
| Linux | Linux | 6.11.4 < 6.12 | affected |
| Linux | Linux | 6.12 | affected |
| Linux | Linux | 0 < 6.12 | unaffected |
| Linux | Linux | 6.12.4 <= 6.12.* | unaffected |
| Linux | Linux | 6.13 <= * | unaffected |
Weaknesses
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
- https://git.kernel.org/stable/c/c74a1df6c2a2df7dd45c3fc1a5edc29a075dcf22
- https://git.kernel.org/stable/c/4acc902ed3743edd4ac2d3846604a99d17104359
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.