SB20240603216 - Improper error handling in Linux kernel pci driver

Description

This security bulletin contains information about 1 security vulnerability.

1) Improper error handling (CVE-ID: CVE-2024-35809)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the pci_device_remove() function in drivers/pci/pci-driver.c. A local user can perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

• https://git.kernel.org/stable/c/9a87375bb586515c0af63d5dcdcd58ec4acf20a6
• https://git.kernel.org/stable/c/47d8aafcfe313511a98f165a54d0adceb34e54b1
• https://git.kernel.org/stable/c/bbe068b24409ef740657215605284fc7cdddd491
• https://git.kernel.org/stable/c/7cc94dd36e48879e76ae7a8daea4ff322b7d9674
• https://git.kernel.org/stable/c/900b81caf00c89417172afe0e7e49ac4eb110f4b
• https://git.kernel.org/stable/c/d86ad8c3e152349454b82f37007ff6ba45f26989
• https://git.kernel.org/stable/c/d534198311c345e4b062c4b88bb609efb8bd91d5
• https://git.kernel.org/stable/c/6347348c6aba52dda0b33296684cbb627bdc6970
• https://git.kernel.org/stable/c/9d5286d4e7f68beab450deddbb6a32edd5ecf4bf
• https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.312
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.215
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.154
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.274
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.84
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.24
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.7.12
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.8.3