CVE-2023-52617

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The issue is related to the stdev release() function in the Linux kernel, specifically in the drivers/pci/switch/switchtec.c component. It is caused by errors in resource release, which can lead to a crash after a surprise hot removal of a PCI device. When stdev->cdev is held open and a hot removal occurs, the call to stdev release() happens at a point after switchtec pci remove(), leading to issues because the devm cleanup has already removed the stdev->mmio mrpc mapping and the stdev->pdev reference was not counted. This results in a fatal page fault in DMA mode when iowrite32() is called in stdev release(), and if reached, dma free coherent() would pass a stale pointer. The fix involves moving the MRPC DMA shutdown into switchtec pci remove() after stdev kill() and making the counting of the stdev->pdev reference optional to prevent future accidents.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.