CVE-2024-46761

Severity CVSS v4.0:
Pending analysis
Type:
CWE-476 NULL Pointer Dereference
Publication date:
18/09/2024
Last modified:
23/09/2024

Description

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> pci/hotplug/pnv_php: Fix hotplug driver crash on Powernv<br /> <br /> The hotplug driver for powerpc (pci/hotplug/pnv_php.c) causes a kernel<br /> crash when we try to hot-unplug/disable the PCIe switch/bridge from<br /> the PHB.<br /> <br /> The crash occurs because although the MSI data structure has been<br /> released during disable/hot-unplug path and it has been assigned<br /> with NULL, still during unregistration the code was again trying to<br /> explicitly disable the MSI which causes the NULL pointer dereference and<br /> kernel crash.<br /> <br /> The patch fixes the check during unregistration path to prevent invoking<br /> pci_disable_msi/msix() since its data structure is already freed.

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 4.19.322 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 4.20 (including) 5.4.284 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.5 (including) 5.10.226 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.11 (including) 5.15.167 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.16 (including) 6.1.110 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.2 (including) 6.6.51 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.7 (including) 6.10.10 (excluding)