CVE-2024-42302

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.6.50

Description The issue is related to a use-after-free vulnerability in the Linux kernel's PCI/DPC subsystem. Specifically, the pci bridge wait for secondary bus() function neglects to hold a reference on the child device, leading to potential crashes or other security issues when a DPC event occurs concurrently with hot-removal of the same portion of the hierarchy. The vulnerability is caused by the dpc handler() awaiting readiness of the secondary bus below the Downstream Port where the DPC event occurred, and polling the config space of the first child device on the secondary bus. If that child device is concurrently removed, accesses to its struct pci dev cause the kernel to crash.

Recommendations To resolve the issue, update the Linux kernel to version 6.6.50 or later. As a temporary workaround, consider disabling the pci bridge wait for secondary bus() function until a patch is available. Restrict access to the vulnerable PCI/DPC subsystem to minimize the risk of exploitation. Avoid using the pci dev wait() function in conjunction with pci bridge wait for secondary bus() until the issue is resolved.