Linux Kernel Duplicate Device Registration Vulnerability in PCI Express Subsystem

Vulnerability

A vulnerability in the Linux kernel's PCI Express subsystem has been addressed, which involved improper handling of PCI device data during the registration of platform devices. The issue arose because the PCI device structure was incorrectly used as platform data, leading to a duplicated copy of the PCI device. This duplication caused corruption in the device list, as the mutex information, including the device's list and magic values, remained identical to the original device, creating potential for list corruption.

Impact

The vulnerability could lead to memory corruption by allowing duplicated device entries to interfere with the device management lists, potentially causing instability or unexpected behavior in the system.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

4.0

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

4.0

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel Duplicate Device Registration Vulnerability in PCI Express Subsystem

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating