CVE-2024-58093
HIGH(7.8)CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- CVSS 7.8 — Hoch
EPSS-Score
0%
Exploit-Wahrscheinlichkeit (30 Tage)
CVSS Score
7.8
Technische Schwere
Beschreibung
In the Linux kernel, the following vulnerability has been resolved: PCI/ASPM: Fix link state exit during switch upstream function removal Before 456d8aa37d0f ("PCI/ASPM: Disable ASPM on MFD function removal to avoid use-after-free"), we would free the ASPM link only after the last function on the bus pertaining to the given link was removed. That was too late. If function 0 is removed before sibling function, link->downstream would point to free'd memory after. After above change, we freed the ASPM parent link state upon any function removal on the bus pertaining to a given link. That is too early. If the link is to a PCIe switch with MFD on the upstream port, then removing functions other than 0 first would free a link which still remains parent_link to the remaining downstream ports. The resulting GPFs are especially frequent during hot-unplug, because pciehp removes devices on the link bus in reverse order. On that switch, function 0 is the virtual P2P bridge to the internal bus. Free exactly when function 0 is removed -- before the parent link is obsolete, but after all subordinate links are gone. [kwilczynski: commit log]
Referenzen
- https://git.kernel.org/stable/c/0a0f9aecf66b98959aab7fb5764b4b3e522f4f5b
- https://git.kernel.org/stable/c/4d96930239981f312821a4065db8cc0f8240a173
- https://git.kernel.org/stable/c/62db339ecc3d58d8fd83a9e4d80061cd943bb6e2
- https://git.kernel.org/stable/c/8b930ddc2044e36866c41423e89889e0258695a3
- https://git.kernel.org/stable/c/ba4cdc14c0d4df00d3e99bff7fe545303db98183
- https://git.kernel.org/stable/c/cbf937dcadfd571a434f8074d057b32cd14fbea5
- https://git.kernel.org/stable/c/cd4b07507794f7ad1a74e12eca75121d98187e66
- https://git.kernel.org/stable/c/e5cd58f61e9d8024ee11bd78c12c8916891d4077
- https://git.kernel.org/stable/c/f556b6ba0ac5f8353287ce6ed761228f0b4fafb7