CVE-2024-53194

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A use-after-free vulnerability has been resolved in the Linux kernel. The issue occurs when the pciehp driver is unbound from a Downstream Port, causing a pci slot to be destroyed before the pci bus it points to, resulting in a use-after-free error. This happens because the PCI core uses a two-step process to remove a portion of the hierarchy, and there is no precaution to prevent driver binding in-between these steps. The vulnerability can cause a boot crash on recent Lenovo laptops with a USB4 dock.

Recommendations To resolve the issue, amend the pci create slot() function to acquire a reference to the pci bus when creating a pci slot. This change should prevent the use-after-free error and fix the boot crash issue.

At the moment, there is no information about a newer version that contains a fix for this vulnerability.