SB2024123072 - Use-after-free in Linux kernel pci driver
Published: December 30, 2024 Updated: May 12, 2025
Description
This security bulletin contains information about 1 security vulnerability.
1) Use-after-free (CVE-ID: CVE-2024-53194)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the pci_slot_release(), pci_bus_get() and make_slot_name() functions in drivers/pci/slot.c.
Remediation
Install the update from the vendor's website.
References
- https://git.kernel.org/stable/c/20502f0b3f3acd6bee300257556c27a867f80c8b
- https://git.kernel.org/stable/c/41bbb1eb996be1435815aa1fbcc9ffc45b84cc12
- https://git.kernel.org/stable/c/50473dd3b2a08601a078f852ea05572de9b1f86c
- https://git.kernel.org/stable/c/69d2ceac11acf8579d58d55c9c5b65fb658f916e
- https://git.kernel.org/stable/c/c7acef99642b763ba585f4a43af999fcdbcc3dc4
- https://git.kernel.org/stable/c/c8266ab8e7ccd1d1f5a9c8b29eb2020175048134
- https://git.kernel.org/stable/c/d0ddd2c92b75a19a37c887154223372b600fed37
- https://git.kernel.org/stable/c/da6e6ff1f6c57f16e07af955e0e997fc90dd1e75
- https://git.kernel.org/stable/c/e5d5c04aac71bf1476dc44b56f2206a4c2facca8
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.64