Daniel Stodden

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue is related to the `stdev release()` function in the Linux kernel, specifically in the `drivers/pci/switch/switchtec.c` component. It is caused by errors in resource release, which can lead to a crash after a surprise hot removal of a PCI device. When `stdev->cdev` is held open and a hot removal occurs, the call to `stdev release()` happens at a point after `switchtec pci remove()`, leading to issues because the `devm` cleanup has already removed the `stdev->mmio mrpc` mapping and the `stdev->pdev` reference was not counted. This results in a fatal page fault in DMA mode when `iowrite32()` is called in `stdev release()`, and if reached, `dma free coherent()` would pass a stale pointer. The fix involves moving the MRPC DMA shutdown into `switchtec pci remove()` after `stdev kill()` and making the counting of the `stdev->pdev` reference optional to prevent future accidents. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.