Primary

Context

Linux Kernel PCI/ASPM Vulnerability in Link State Management

Vulnerability

Patched

A vulnerability in the Linux kernel's PCI/ASPM link state management has been addressed. The issue arose during the removal of upstream functions, where the link state was not properly managed, leading to use-after-free vulnerabilities. This mismanagement was particularly problematic with PCIe switches that have multiple functions, as it could result in accessing freed memory, causing general protection faults. The vulnerability was more pronounced during hot-unplug operations, where devices are removed in reverse order, exacerbating the timing of link state management.

Impact

The vulnerability could lead to use-after-free conditions, causing general protection faults, particularly during hot-unplug operations.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

4.0

remediation

7.7

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

4.0

remediation

7.7

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel PCI/ASPM Vulnerability in Link State Management

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating