VYPR
High severity7.8NVD Advisory· Published Dec 27, 2024· Updated Jun 17, 2026

CVE-2024-56561

CVE-2024-56561

Description

In the Linux kernel, the following vulnerability has been resolved:

PCI: endpoint: Fix PCI domain ID release in pci_epc_destroy()

pci_epc_destroy() invokes pci_bus_release_domain_nr() to release the PCI domain ID, but there are two issues:

- 'epc->dev' is passed to pci_bus_release_domain_nr() which was already freed by device_unregister(), leading to a use-after-free issue.

- Domain ID corresponds to the EPC device parent, so passing 'epc->dev' is also wrong.

Fix these issues by passing 'epc->dev.parent' to pci_bus_release_domain_nr() and also do it before device_unregister().

[mani: reworded subject and description]

Affected products

4

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.