CVE-2023-54326

EUVD-2023-60478
In the Linux kernel, the following vulnerability has been resolved:

misc: pci_endpoint_test: Free IRQs before removing the device

In pci_endpoint_test_remove(), freeing the IRQs after removing the device
creates a small race window for IRQs to be received with the test device
memory already released, causing the IRQ handler to access invalid memory,
resulting in an oops.

Free the device IRQs before removing the device to avoid this issue.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
UNKNOWN
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Debian logo
Debian Releases
Debian Product
Codename
linux
bookworm
6.1.148-1
fixed
bookworm (security)
6.1.158-1
fixed
bullseye
5.10.223-1
fixed
bullseye (security)
5.10.247-1
fixed
forky
6.17.13-1
fixed
sid
6.17.13-1
fixed
trixie
6.12.57-1
fixed
trixie (security)
6.12.48-1
fixed
References
https://git.kernel.org/stable/c/14bdee38e96c7d37ca15e7bea50411eee25fe315
https://git.kernel.org/stable/c/38d12bcf4e2ce3d285eb29644a79a54f42040fab
https://git.kernel.org/stable/c/c2dba13bc0c62b79a3cbe4bfe5faa32231bf9b55
https://git.kernel.org/stable/c/cdf9a7e2cdc7a5464e3cc6d0b715ba2b1d215521
https://git.kernel.org/stable/c/dd2210379205fcd23a9d8869b0cef90e3770577c
https://git.kernel.org/stable/c/f61b7634a3249d12b9daa36ffbdb9965b6f24c6c
https://git.kernel.org/stable/c/fb7f8bdb886f2ebf35ee5edaf2bf5f02b063ddb7