Linux Kernel PCI Hotplug Driver IRQ Resource Leak Vulnerability

Vulnerability

A vulnerability in the Linux kernel's PCI hotplug driver for PowerPC PowerNV platforms (pnv_php) has been addressed. When the root of a nested PCIe bridge configuration is unplugged, the driver leaked the IRQ resources allocated for the child bridges' hotplug event notifications, leading to a kernel panic. The fix deallocates IRQ resources from all child buses before removing devices from the hotplug slot. It also improves management of the workqueue used for interrupt handling so that it is not destroyed prematurely, which is necessary for proper handling of hot unplug events.
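
The ordering described above, as an added illustration that is not the kernel's or the patch's code: a simplified user-space C model in which every name (slot, release_child_irqs, remove_devices, unplug_nested) is hypothetical. It counts the child-bridge IRQs left allocated when the devices below a slot are removed with and without the release step.

```c
/* Added illustration: user-space model, not kernel code; all names hypothetical. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
enum { MAX_IRQ = 16, MAX_CHILD = 4 };
static int irq_in_use[MAX_IRQ];              /* toy IRQ allocator state */
struct slot { int irq; int nchild; struct slot *child[MAX_CHILD]; };
static int irq_alloc(void) {
    for (int i = 0; i < MAX_IRQ; i++)
        if (!irq_in_use[i]) { irq_in_use[i] = 1; return i; }
    return -1;
}
static void irq_free(int irq) { if (irq >= 0) irq_in_use[irq] = 0; }
/* Create a hotplug slot with its own event IRQ, optionally under a parent. */
static struct slot *slot_new(struct slot *parent) {
    struct slot *s = calloc(1, sizeof(*s));
    if (!s) abort();
    s->irq = irq_alloc();
    if (parent) parent->child[parent->nchild++] = s;
    return s;
}
/* The fix's ordering: walk every child bus and release its IRQ first. */
static void release_child_irqs(struct slot *s) {
    for (int i = 0; i < s->nchild; i++) {
        release_child_irqs(s->child[i]);
        irq_free(s->child[i]->irq);
    }
}
/* Remove everything below the slot; does not touch IRQ state by itself. */
static void remove_devices(struct slot *s) {
    for (int i = 0; i < s->nchild; i++) { remove_devices(s->child[i]); free(s->child[i]); }
    s->nchild = 0;
}
/* Unplug below a slot -> bridge -> bridge chain; return IRQs left orphaned. */
int unplug_nested(int fixed) {
    memset(irq_in_use, 0, sizeof(irq_in_use));
    struct slot *root = slot_new(NULL);
    slot_new(slot_new(root));                /* two nested child bridges */
    if (fixed) release_child_irqs(root);
    remove_devices(root);
    int held = 0;
    for (int i = 0; i < MAX_IRQ; i++) held += irq_in_use[i];
    irq_free(root->irq); free(root);
    return held - 1;                         /* root slot's own IRQ is expected */
}
int main(void) {
    printf("unfixed: %d leaked, fixed: %d leaked\n", unplug_nested(0), unplug_nested(1));
    return 0;
}
```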

Impact

Unplugging the root of a nested PCIe bridge configuration without this fix leads to a kernel panic, caused by the improper release of IRQ resources.

Reproduction

To reproduce this vulnerability, unplug the root of a nested PCIe bridge configuration while the pnv_php driver is active. This will cause the driver to improperly release IRQ resources, leading to a kernel panic.

Remediation

Users can apply the available patch from the Linux kernel stable tree to address this vulnerability.

Added: Aug 22, 2025, 5:59 PM
Updated: Aug 22, 2025, 5:59 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 2.5
exploitability: 5.7
remediation: 7.7
relevance: 0.4
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.