Linux Kernel s390/pci Duplicate pci_dev_put Vulnerability in disable_slot Function

Vulnerability

A vulnerability in the Linux kernel's s390/pci subsystem was introduced by a recent commit that altered how the power-off state of a physical function (PF) with child virtual functions (VFs) is handled. The modification inadvertently created a double reference release by leaving an existing pci_dev_put call intact, which could lead to a use-after-free condition if the pci_dev structure is freed while in an unexpected state. This issue has been addressed by removing the redundant pci_dev_put call.

Impact

The vulnerability could cause a use-after-free condition, potentially leading to memory corruption or exploitation opportunities.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.3

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.3

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel s390/pci Duplicate pci_dev_put Vulnerability in disable_slot Function

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating