CVE-2024-58093

{"id": "CVE-2024-58093", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2025-04-16T15:15:53.220", "references": [{"url": "https://git.kernel.org/stable/c/cbf937dcadfd571a434f8074d057b32cd14fbea5", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-416"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI/ASPM: Fix link state exit during switch upstream function removal\n\nBefore 456d8aa37d0f (\"PCI/ASPM: Disable ASPM on MFD function removal to\navoid use-after-free\"), we would free the ASPM link only after the last\nfunction on the bus pertaining to the given link was removed.\n\nThat was too late. If function 0 is removed before sibling function,\nlink->downstream would point to free'd memory after.\n\nAfter above change, we freed the ASPM parent link state upon any function\nremoval on the bus pertaining to a given link.\n\nThat is too early. If the link is to a PCIe switch with MFD on the upstream\nport, then removing functions other than 0 first would free a link which\nstill remains parent_link to the remaining downstream ports.\n\nThe resulting GPFs are especially frequent during hot-unplug, because\npciehp removes devices on the link bus in reverse order.\n\nOn that switch, function 0 is the virtual P2P bridge to the internal bus.\nFree exactly when function 0 is removed -- before the parent link is\nobsolete, but after all subordinate links are gone.\n\n[kwilczynski: commit log]"}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: PCI/ASPM: Correcci\u00f3n de la salida del estado del enlace durante la eliminaci\u00f3n de la funci\u00f3n ascendente del conmutador. Antes de la versi\u00f3n 456d8aa37d0f (\"PCI/ASPM: Deshabilitar ASPM al eliminar la funci\u00f3n MFD para evitar el use-after-free\"), liber\u00e1bamos el enlace ASPM solo despu\u00e9s de eliminar la \u00faltima funci\u00f3n del bus correspondiente al enlace en cuesti\u00f3n. Era demasiado tarde. Si la funci\u00f3n 0 se elimina antes que la funci\u00f3n hermana, enlace->descendente apuntar\u00eda a la memoria liberada despu\u00e9s. Tras el cambio mencionado, liber\u00e1bamos el estado del enlace principal ASPM al eliminar cualquier funci\u00f3n del bus correspondiente a un enlace determinado. Era demasiado pronto. Si el enlace es a un conmutador PCIe con MFD en el puerto ascendente, eliminar primero las funciones distintas de la 0 liberar\u00eda un enlace que a\u00fan permanece como parent_link para los puertos descendentes restantes. Los GPF resultantes son especialmente frecuentes durante la desconexi\u00f3n en caliente, ya que pciehp elimina los dispositivos del bus de enlace en orden inverso. En ese conmutador, la funci\u00f3n 0 es el puente P2P virtual al bus interno. Se libera exactamente cuando se elimina la funci\u00f3n 0: antes de que el enlace principal quede obsoleto, pero despu\u00e9s de que todos los enlaces subordinados desaparezcan. [kwilczynski: registro de confirmaciones]"}], "lastModified": "2025-10-28T18:53:45.890", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "44DA80F9-E53B-4731-AC41-BD9BAFB7661D", "versionEndExcluding": "5.5", "versionStartIncluding": "5.4.251"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6D42E8C7-CD33-432A-AC09-DC524C88ECE4", "versionEndExcluding": "5.11", "versionStartIncluding": "5.10.188"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F3AFFFEE-0707-48FE-B692-4AB92FDAA922", "versionEndExcluding": "5.16", "versionStartIncluding": "5.15.121"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "43B56BBD-C68E-4AF0-AEFF-3863C4B70AC2", "versionEndExcluding": "6.2", "versionStartIncluding": "6.1.39"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9058C05B-5440-4D83-834D-2E94FC46621C", "versionEndExcluding": "6.4", "versionStartIncluding": "6.3.13"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2C10C69F-6357-4624-ADB7-90D4E8729AD5", "versionEndExcluding": "6.15", "versionStartIncluding": "6.4.4"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}