SB2024091898 - Improper locking in Linux kernel pci driver

Description

This security bulletin contains information about 1 security vulnerability.

1) Improper locking (CVE-ID: CVE-2024-46750)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the pci_bus_lock(), pci_bus_unlock(), pci_bus_trylock(), list_for_each_entry_continue_reverse(), pci_slot_lock() and pci_slot_trylock() functions in drivers/pci/pci.c. A local user can perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

• https://git.kernel.org/stable/c/0790b89c7e911003b8c50ae50e3ac7645de1fae9
• https://git.kernel.org/stable/c/df77a678c33871a6e4ac5b54a71662f1d702335b
• https://git.kernel.org/stable/c/e2355d513b89a2cb511b4ded0deb426cdb01acd0
• https://git.kernel.org/stable/c/04e85a3285b0e5c5af6fd2c0fd6e95ffecc01945
• https://git.kernel.org/stable/c/7253b4fed46471cc247c6cacefac890a8472c083
• https://git.kernel.org/stable/c/78c6e39fef5c428960aff742149bba302dd46f5a
• https://git.kernel.org/stable/c/81c68e218ab883dfa368460a59b674084c0240da
• https://git.kernel.org/stable/c/a4e772898f8bf2e7e1cf661a12c60a5612c4afab
• https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.322
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.226
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.167
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.284
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.110
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.10.10
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.11
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.51