Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A NULL pointer dereference vulnerability has been identified in the Linux kernel's PCIe bandwidth controller. This issue arises when the BIOS fails to assign bus numbers to PCI bridges, leading the kernel to run out of available bus numbers during device enumeration. As a result, the 'subordinate' pointer in the bridge's PCI device remains NULL. The PCIe bandwidth controller does not properly check for this NULL subordinate pointer and inadvertently dereferences it, causing a kernel crash. The vulnerability affects the PCIe bandwidth control of devices below the bridge, which are rendered unusable due to the bus number assignment failure.
Exploitation of this vulnerability leads to a kernel NULL pointer dereference, causing a system crash.
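The missing check described above, shown as a userspace C model. This is an added example, not kernel code and not part of the original entry. All struct, field and function names are hypothetical, and the model assumes bus numbers run out after 255.

```c
/* Userspace model of the bug class; every name here is hypothetical,
 * none of them are kernel symbols. */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

#define MAX_BUS 255                    /* PCI bus numbers are 8 bits wide */

struct bus    { int number; int bwctrl_ready; };
struct bridge { struct bus *subordinate; };  /* NULL: no bus number was left */

int next_bus = 1;                      /* bus 0 is the root bus in this model */

/* Enumeration: give the bridge a secondary bus, or leave subordinate NULL. */
void assign_bus(struct bridge *br)
{
    br->subordinate = NULL;
    if (next_bus > MAX_BUS)
        return;                        /* bus numbers exhausted */
    br->subordinate = calloc(1, sizeof(*br->subordinate));
    if (br->subordinate)
        br->subordinate->number = next_bus++;
}

/* Missing check: faults on a bridge whose subordinate is NULL. Never called. */
int probe_unchecked(struct bridge *br)
{
    br->subordinate->bwctrl_ready = 1;
    return 0;
}

/* Guarded form: refuse to bind when there is no bus below the bridge. */
int probe_checked(struct bridge *br)
{
    if (!br->subordinate)
        return -ENODEV;
    br->subordinate->bwctrl_ready = 1;
    return 0;
}

/* Enumerate n bridges; count how many the guarded probe declines. */
int count_skipped(int n)
{
    int skipped = 0;
    next_bus = 1;
    for (int i = 0; i < n; i++) {
        struct bridge br;
        assign_bus(&br);
        skipped += (probe_checked(&br) == -ENODEV);
        free(br.subordinate);
    }
    return skipped;
}

int main(void) { printf("skipped: %d\n", count_skipped(300)); return 0; }
```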