CVE-2023-54235
Severity:
Pending analysis
Type:
Not available / Other type
Publication date:
30/12/2025
Last modified:
30/12/2025
Description
In the Linux kernel, the following vulnerability has been resolved:

PCI/DOE: Fix destroy_work_on_stack() race

The following debug object splat was observed in testing:

ODEBUG: free active (active state 0) object: 0000000097d23782 object type: work_struct hint: doe_statemachine_work+0x0/0x510
WARNING: CPU: 1 PID: 71 at lib/debugobjects.c:514 debug_print_object+0x7d/0xb0
...
Workqueue: pci 0000:36:00.0 DOE [1 doe_statemachine_work
RIP: 0010:debug_print_object+0x7d/0xb0
...
Call Trace:
? debug_print_object+0x7d/0xb0
? __pfx_doe_statemachine_work+0x10/0x10
debug_object_free.part.0+0x11b/0x150
doe_statemachine_work+0x45e/0x510
process_one_work+0x1d4/0x3c0

This occurs because destroy_work_on_stack() was called after signaling
the completion in the calling thread. This creates a race between
destroy_work_on_stack() and the task->work struct going out of scope in
pci_doe().

Signal the work complete after destroying the work struct. This is safe
because signal_task_complete() is the final thing the work item does and
the workqueue code is careful not to access the work struct after.
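
The ordering described above, modelled in userspace with pthreads as an added example (it is not the kernel patch and not code from this advisory). `struct task`, `signal_complete`, `work_fn` and `run_task` are hypothetical names, and an integer flag stands in for the debug-objects "active" state of the on-stack work struct.

```c
/* Userspace model of the ordering bug; all names are hypothetical, not kernel code. */
#include <pthread.h>
#include <stdio.h>

struct task {                   /* lives on the submitter's stack */
    int work_active;            /* stands in for the debug-objects "active" state */
    int signal_first;           /* 1 = pre-fix order, 0 = fixed order */
    int done, active_at_wakeup;
    pthread_mutex_t lock; pthread_cond_t cond;
};

static void signal_complete(struct task *t) {
    pthread_mutex_lock(&t->lock);
    t->active_at_wakeup = t->work_active;   /* state the released waiter inherits */
    t->done = 1;
    pthread_cond_signal(&t->cond);
    pthread_mutex_unlock(&t->lock);
}

static void *work_fn(void *arg) {
    struct task *t = arg;
    if (t->signal_first) {
        signal_complete(t);     /* waiter released; in the real bug its frame can vanish */
        t->work_active = 0;     /* teardown now races with the frame going out of scope */
    } else {
        t->work_active = 0;     /* tear down first */
        signal_complete(t);     /* signalling is the final step of the work item */
    }
    return NULL;
}

/* Returns 1 if the work was still active when the waiter was released, 0 if not, -1 on error. */
static int run_task(int signal_first) {
    struct task t = { .work_active = 1, .signal_first = signal_first,
                      .lock = PTHREAD_MUTEX_INITIALIZER, .cond = PTHREAD_COND_INITIALIZER };
    pthread_t worker;
    if (pthread_create(&worker, NULL, work_fn, &t) != 0)
        return -1;
    pthread_mutex_lock(&t.lock);
    while (!t.done)
        pthread_cond_wait(&t.cond, &t.lock);
    pthread_mutex_unlock(&t.lock);
    pthread_join(worker, NULL); /* model only: keeps the frame alive so the demo is well defined */
    return t.active_at_wakeup;
}

int main(void) {
    printf("signal first: %d, destroy first: %d\n", run_task(1), run_task(0));
}
```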



