CVE-2023-53363

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A use-after-free issue was identified in the Linux kernel related to PCI bus removal cleanup. Specifically, the vulnerability occurs in the pci bus release domain nr() function after the associated struct pci bus has been freed by pci remove bus(). This occurs during the process of releasing PCI domain numbers. The issue was discovered through kfence testing, which detected a use-after-free read within the function. The root cause is an incorrect order of operations during bus removal, where pci bus release domain nr() is called after the memory it accesses has been freed. The stack trace indicates involvement of functions such as dw pcie host deinit(), tegra pcie deinit controller(), and tegra pcie dw probe().

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.