Linux Kernel PCI Power Control Use-After-Free Vulnerability

Vulnerability

A use-after-free vulnerability has been identified in the Linux kernel's PCI power control (pwrctrl) subsystem. The issue arises when outstanding rescan work is not canceled before a pwrctrl driver is unregistered, which can lead to memory management errors. The vulnerability can be exploited by forcing the rescan work function to run for an extended period while simultaneously unloading the pwrctrl driver.
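The teardown ordering described above, as an added example that is not kernel code and not taken from the advisory or the kernel patch: a single-threaded user-space model in which deferred work is embedded in its owner, and unregistering without canceling first leaves a queued item pointing at a released owner. All type and function names are hypothetical; the two model_* helpers only mimic the kernel's schedule_work() and cancel_work_sync().

```c
#include <stdbool.h>
#include <stddef.h>

struct work { bool pending; };  /* hypothetical user-space model of a work item */
struct ctrl {                   /* hypothetical stand-in for a pwrctrl context */
    struct work rescan;         /* first member, embedded: dies with ctrl */
    bool registered;            /* false models "memory already released" */
};
static struct work *queue[8];   /* model of the pending-work list */
static size_t queue_len;

/* Queue deferred work once, in the manner of schedule_work(). */
void model_schedule_work(struct work *w) {
    if (!w->pending && queue_len < sizeof(queue) / sizeof(queue[0])) {
        w->pending = true;
        queue[queue_len++] = w;
    }
}

/* Dequeue pending work, in the manner of cancel_work_sync(). The kernel
 * call also waits for a running instance; nothing runs concurrently here. */
void model_cancel_work_sync(struct work *w) {
    for (size_t i = 0; i < queue_len; i++)
        if (queue[i] == w) {
            queue[i] = queue[--queue_len];
            w->pending = false;
            break;
        }
}

void ctrl_unregister(struct ctrl *c, bool cancel_first) {
    if (cancel_first)           /* false reproduces the flawed ordering */
        model_cancel_work_sync(&c->rescan);
    c->registered = false;      /* owner is gone from here on */
}

/* Queued items whose owner is gone: each is a use-after-free in waiting. */
size_t dangling_work_count(void) {
    size_t n = 0;
    for (size_t i = 0; i < queue_len; i++)
        n += !((struct ctrl *)queue[i])->registered;  /* work is first member */
    return n;
}

int main(void) {                /* flawed teardown leaves one dangling item */
    struct ctrl c = { .registered = true };
    model_schedule_work(&c.rescan);
    ctrl_unregister(&c, false);
    return dangling_work_count() == 1 ? 0 : 1;
}
```

Calling ctrl_unregister() with cancel_first set to true removes the queued item before the owner is released, so nothing dangling remains.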

Impact

Exploitation of this vulnerability can lead to use-after-free conditions, which may be used to execute arbitrary code or to cause a denial of service by crashing the system.

Added: Jul 3, 2025, 10:25 AM
Updated: Jul 3, 2025, 10:25 AM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 0.6
exploitability: 3.5
remediation: 0.0
relevance: 0.2
threat: 3.2
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.