CVE-2023-54326

Vulnerability

In the Linux kernel, the pci_endpoint_test driver suffers from a use-after-free race condition. The flaw occurs in the pci_endpoint_test_remove() function, which frees IRQs after removing the PCI endpoint test device. This creates a small window where an IRQ can be received after the device's memory has already been released, causing the IRQ handler to access invalid memory and resulting in a kernel oops. [1]

Exploitation

Exploitation requires the ability to trigger the removal of the PCI endpoint test device while an IRQ is pending. The attacker must have local access to the system and the capability to unload the driver or perform a hot-unplug of the device. No authentication is required beyond the ability to interact with the driver's removal path. The race window is small, making exploitation difficult but not impossible. [2]

Impact

A successful exploit leads to a kernel crash (oops), resulting in a denial of service (DoS) condition. The attacker does not gain code execution or privilege escalation; the primary impact is system instability and availability loss. [3]

Mitigation

The fix, merged into the Linux kernel stable branches, moves the IRQ freeing to occur before device removal, closing the race window. Administrators should update to a kernel version containing the patch. No workaround exists other than applying the update. [4]