Name of the Vulnerable Software and Affected Versions Linux Kernel versions prior to v5.4.156

Description The issue is related to a use-after-free (UAF) bug in the peak pci remove() function. This bug was introduced in version v3.4 and is fixed in version v5.4.156. The actual impact and attack plausibility of this issue have not yet been proven.

Recommendations For Linux Kernel versions prior to v5.4.156, update to version v5.4.156 or later to resolve the issue. As a temporary workaround, consider restricting access to the peak pci remove() function until a patch is available.