SB2025091956 - Use-after-free in Linux kernel pci pcie driver
Published: September 19, 2025 Updated: September 22, 2025
Security Bulletin ID
SB2025091956
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Use-after-free (CVE-ID: CVE-2023-53446)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the pcie_aspm_exit_link_state() function in drivers/pci/pcie/aspm.c. A local user can escalate privileges on the system.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/4203722d51afe3d239e03f15cc73efdf023a7103
- https://git.kernel.org/stable/c/456d8aa37d0f56fc9e985e812496e861dcd6f2f2
- https://git.kernel.org/stable/c/666e7f9d60cee23077ea3e6331f6f8a19f7ea03f
- https://git.kernel.org/stable/c/7aecdd47910c51707696e8b0e045b9f88bd4230f
- https://git.kernel.org/stable/c/7badf4d6f49a358a01ab072bbff88d3ee886c33b
- https://git.kernel.org/stable/c/9856c0de49052174ab474113f4ba40c02aaee086
- https://git.kernel.org/stable/c/d51d2eeae4ce54d542909c4d9d07bf371a78592c
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3.13