CVE-2024-46761

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.10.9

Description The issue is related to a null pointer dereference in the Linux kernel's hotplug driver for powerpc, specifically in the pci/hotplug/pnv php.c file. This occurs when trying to hot-unplug or disable the PCIe switch/bridge from the PHB, causing a kernel crash. The crash happens because the MSI data structure is released during the disable/hot-unplug path and assigned a NULL value, but the code still attempts to disable the MSI during unregistration, resulting in a NULL pointer dereference. The estimated number of potentially affected devices is not specified. There is no information about real-world incidents where this issue was exploited.

Recommendations To resolve the issue, update the Linux kernel to version 6.10.9 or later. As a temporary workaround, consider disabling the hotplug driver for powerpc until a patch is available. Restrict access to the pci/hotplug/pnv php module to minimize the risk of exploitation. Avoid using the pci disable msi/msix() function in the affected code path until the issue is resolved.