CVE-2024-43875

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.6.50

Description The issue is related to the PCI endpoint in the Linux kernel, where error handling in the vpci scan bus() function has been improved. Smatch complains about inconsistent NULL checking in vpci scan bus(), specifically in the drivers/pci/endpoint/functions/pci-epf-vntb.c file at line 1024. The function previously assumed that vpci bus could be null, but instead of printing an error message and crashing, it should return an error code and clean up. Additionally, the NULL check is reversed, printing an error for success instead of failure.

Recommendations To resolve the issue, update the Linux kernel to version 6.6.50 or later. As a temporary workaround, consider disabling the vpci scan bus() function until a patch is available. Restrict access to the vulnerable module pci-epf-vntb to minimize the risk of exploitation. Avoid using the vpci bus variable in the affected API endpoint until the issue is resolved.