Timothy Pearson

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 6.10.9 **Description** The issue is related to a null pointer dereference in the Linux kernel's hotplug driver for powerpc, specifically in the `pci/hotplug/pnv php.c` file. This occurs when trying to hot-unplug or disable the PCIe switch/bridge from the PHB, causing a kernel crash. The crash happens because the MSI data structure is released during the disable/hot-unplug path and assigned a NULL value, but the code still attempts to disable the MSI during unregistration, resulting in a NULL pointer dereference. The estimated number of potentially affected devices is not specified. There is no information about real-world incidents where this issue was exploited. **Recommendations** To resolve the issue, update the Linux kernel to version 6.10.9 or later. As a temporary workaround, consider disabling the hotplug driver for powerpc until a patch is available. Restrict access to the `pci/hotplug/pnv php` module to minimize the risk of exploitation. Avoid using the `pci disable msi/msix()` function in the affected code path until the issue is resolved.