PT-2025-16659 · Linux+6 · Linux Kernel+6
Published
2025-04-16
·
Updated
2026-03-14
·
CVE-2024-58093
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to the version containing the fix for the issue described as 'PCI/ASPM: Fix link state exit during switch upstream function removal'
Description
The issue is related to the PCI/ASPM functionality in the Linux kernel. It involves a problem with the link state exit during the removal of a switch upstream function. Before a specific change, the ASPM link was freed too late, potentially leading to use-after-free issues. After the change, the ASPM parent link state was freed too early, causing issues when removing functions other than function 0 first on a PCIe switch with MFD on the upstream port. This results in General Protection Faults (GPFs), especially during hot-unplug operations.
Recommendations
For Linux kernel versions prior to the version containing the fix for the 'PCI/ASPM: Fix link state exit during switch upstream function removal' issue, consider applying the patch that fixes the link state exit during switch upstream function removal to resolve the issue.
Exploit
Fix
Use After Free
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Astra Linux
Debian
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu