Linux · Linux Kernel · CVE-2024-53194
**Name of the Vulnerable Software and Affected Versions**
Linux kernel (affected versions not specified)
**Description**
A use-after-free vulnerability has been resolved in the Linux kernel. The issue occurs when the `pciehp` driver is unbound from a Downstream Port, causing a `pci slot` to be destroyed before the `pci bus` it points to, resulting in a use-after-free error. This happens because the PCI core uses a two-step process to remove a portion of the hierarchy, and there is no precaution to prevent driver binding in-between these steps. The vulnerability can cause a boot crash on recent Lenovo laptops with a USB4 dock.
**Recommendations**
To resolve the issue, amend the `pci create slot()` function to acquire a reference to the `pci bus` when creating a `pci slot`. This change should prevent the use-after-free error and fix the boot crash issue.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.