Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A double free vulnerability has been identified in the Linux kernel's PCI endpoint management, specifically within the pci-epf-test driver. The issue arises during the initialization of endpoint drivers, where the allocation and deallocation of Base Address Registers (BARs) can become mismatched. When allocation fails due to a lack of available resources, the driver does not properly clear the previous BAR assignment. If the host then reboots, the reinitialization process can attempt to allocate the same BARs again, leading to a double free condition. The fix makes the allocation and deallocation processes symmetrical and has the driver set BAR references to NULL when their memory is freed.
Exploitation of this vulnerability causes a kernel oops, indicating a serious error that can lead to a system crash or instability.
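The stale-reference pattern described above, reduced to a user-space C model. This is an added example, not the kernel driver's code: the struct, the function names, the six BAR slots and the four available mapping resources are assumptions made for illustration, and the model counts releases instead of actually freeing a buffer twice.

```c
#include <stdio.h>
#include <stdlib.h>

#define NUM_BARS 6                 /* assumption: six BAR slots */
struct epf_model {                 /* hypothetical stand-in for driver state */
    void *reg[NUM_BARS];           /* BAR backing memory, NULL when unallocated */
    int released[NUM_BARS];        /* times each buffer reached the free path */
};

/* Free path: free() runs only once so the model stays defined; the counter records each release. */
static void model_free_bar(struct epf_model *m, int i, int clear_ref)
{
    if (m->released[i]++ == 0)
        free(m->reg[i]);
    if (clear_ref)
        m->reg[i] = NULL;          /* the fix: drop the stale reference */
}

/* One initialisation pass with `windows` mapping resources available. */
static void model_init(struct epf_model *m, int windows, int clear_ref)
{
    for (int i = 0; i < NUM_BARS; i++) {
        if (!m->reg[i]) continue;  /* no memory recorded for this BAR */
        if (windows > 0)
            windows--;             /* BAR set up successfully */
        else
            model_free_bar(m, i, clear_ref); /* out of resources: release */
    }
}

/* Highest release count for any one buffer after init plus a re-init. */
int max_releases_after_reboot(int clear_ref)
{
    struct epf_model m = {0};
    int worst = 0;
    for (int i = 0; i < NUM_BARS; i++) m.reg[i] = malloc(64);
    model_init(&m, 4, clear_ref);  /* first init: BARs 4 and 5 fail */
    model_init(&m, 4, clear_ref);  /* host reboot: same failure repeats */
    for (int i = 0; i < NUM_BARS; i++) {
        if (m.released[i] > worst) worst = m.released[i];
        if (m.released[i] == 0) free(m.reg[i]);  /* tidy live buffers */
    }
    return worst;
}

int main(void)
{
    printf("stale refs: %d, cleared refs: %d\n", max_releases_after_reboot(0), max_releases_after_reboot(1));
}
```

A release count of 2 for one buffer is the double free; with the reference cleared on release, the second initialisation pass skips that BAR and the count stays at 1.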