CVE-2023-53446
BaseFortify

Publication date: 2025-09-18

Last updated on: 2025-12-12

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved:

PCI/ASPM: Disable ASPM on MFD function removal to avoid use-after-free

Struct pcie_link_state->downstream is a pointer to the pci_dev of function 0. Previously we retained that pointer when removing function 0, and subsequent ASPM policy changes dereferenced it, resulting in a use-after-free warning from KASAN, e.g.:

  # echo 1 > /sys/bus/pci/devices/0000:03:00.0/remove
  # echo powersave > /sys/module/pcie_aspm/parameters/policy

  BUG: KASAN: slab-use-after-free in pcie_config_aspm_link+0x42d/0x500
  Call Trace:
   kasan_report+0xae/0xe0
   pcie_config_aspm_link+0x42d/0x500
   pcie_aspm_set_policy+0x8e/0x1a0
   param_attr_store+0x162/0x2c0
   module_attr_store+0x3e/0x80

PCIe spec r6.0, sec 7.5.3.7, recommends that software program the same ASPM Control value in all functions of multi-function devices.

Disable ASPM and free the pcie_link_state when any child function is removed so we can discard the dangling pcie_link_state->downstream pointer and maintain the same ASPM Control configuration for all functions.

[bhelgaas: commit log and comment]
Meta Information
Generated: 2026-05-27
AI Q&A: 2025-09-18
EPSS Evaluated: 2026-05-25
Affected Vendors & Products
6 associated CPEs; each range is inclusive of the lower bound and exclusive of the upper bound (the first fixed stable release in that series).

  Vendor  Product       Version / Range
  linux   linux_kernel  4.11 (inc) to 5.4.251 (exc)
  linux   linux_kernel  5.5 (inc) to 5.10.188 (exc)
  linux   linux_kernel  5.11 (inc) to 5.15.121 (exc)
  linux   linux_kernel  5.16 (inc) to 6.1.39 (exc)
  linux   linux_kernel  6.2 (inc) to 6.3.13 (exc)
  linux   linux_kernel  6.4 (inc) to 6.4.4 (exc)
CWE
CWE-416 (Use After Free): The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is a use-after-free in the Linux kernel's PCIe ASPM (Active State Power Management) code. ASPM state for a link is kept in a pcie_link_state structure that is shared by all functions of a multi-function device, and its downstream field points at the pci_dev of function 0. When function 0 was removed (for example by writing to its sysfs remove file), its pci_dev was freed, but the link state, and the pointer inside it, were retained because other functions of the device were still present. A later ASPM policy change (a write to /sys/module/pcie_aspm/parameters/policy) walked the link states and dereferenced the stale pointer, which KASAN reported as a slab-use-after-free in pcie_config_aspm_link. The fix disables ASPM and frees the pcie_link_state whenever any child function is removed, so no dangling downstream pointer survives and all remaining functions keep the same ASPM Control value, as the PCIe specification recommends.
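The following userspace model illustrates the two behaviours described above. It is an added example written for this page, not code from the Linux kernel: struct pci_dev, struct pcie_link_state, the function names and the "freed" flag are hypothetical stand-ins for the kernel objects, and the flag is used so the dangling dereference is counted (the way KASAN would report it) instead of actually reading freed memory. reproduce(false) replays the pre-fix behaviour from the commit message, reproduce(true) the fixed behaviour.

```c
#include <stdbool.h>
#include <stdio.h>

#define ASPM_L0S 0x1u
#define ASPM_L1  0x2u

/* Hypothetical stand-in for the kernel's pci_dev: one PCI function. */
struct pci_dev {
	unsigned devfn;       /* function number; 0 is the primary function */
	unsigned aspm_ctrl;   /* simulated ASPM Control register bits */
	bool freed;           /* set once the device object has been released */
};

/* Hypothetical stand-in for pcie_link_state: one per link, shared by all functions. */
struct pcie_link_state {
	struct pci_dev *downstream;   /* function 0 of the downstream device */
	struct pci_dev *fns[4];       /* all functions on the link */
	int nfns;
	bool on_link_list;            /* still reachable from the global link list */
};

struct outcome {
	int rc;             /* policy change result: 0 ok, -1 freed memory touched */
	int uaf_hits;       /* dangling dereferences seen (stand-in for KASAN reports) */
	unsigned fn1_ctrl;  /* ASPM Control left in the surviving function 1 */
};

static int uaf_hits;

/* Stand-in for releasing a pci_dev: mark it dead instead of freeing it. */
static void dev_release(struct pci_dev *dev)
{
	dev->freed = true;
}

/* Stand-in for pcie_config_aspm_link(): program function 0 of the link.
 * In the real bug this is where KASAN reports the slab-use-after-free. */
static int config_aspm_link(struct pcie_link_state *link, unsigned ctrl)
{
	struct pci_dev *dev = link->downstream;

	if (dev->freed) {
		uaf_hits++;
		return -1;
	}
	dev->aspm_ctrl = ctrl;
	return 0;
}

/* Pre-fix behaviour: the function is released but the link state survives,
 * so link->downstream keeps pointing at the dead function 0. */
static void remove_function_vulnerable(struct pcie_link_state *link, struct pci_dev *dev)
{
	(void)link;
	dev_release(dev);
}

/* Fixed behaviour as the commit message describes it: when any child function
 * goes, disable ASPM on the remaining functions and drop the link state. */
static void remove_function_fixed(struct pcie_link_state *link, struct pci_dev *dev)
{
	int i;

	for (i = 0; i < link->nfns; i++)
		if (!link->fns[i]->freed)
			link->fns[i]->aspm_ctrl = 0;   /* same ASPM Control in every function */
	link->downstream = NULL;
	link->on_link_list = false;            /* stand-in for list_del() + kfree(link) */
	dev_release(dev);
}

/* Stand-in for pcie_aspm_set_policy(): reprogram every link still on the list. */
static int set_policy(struct pcie_link_state *links, int nlinks, unsigned ctrl)
{
	int i;

	for (i = 0; i < nlinks; i++) {
		if (!links[i].on_link_list)
			continue;
		if (config_aspm_link(&links[i], ctrl) < 0)
			return -1;
	}
	return 0;
}

/* Replay the reproduction from the commit message on the model: remove
 * function 0 of a two-function device, then change the ASPM policy. */
struct outcome reproduce(bool fixed)
{
	struct pci_dev fn0 = { .devfn = 0, .aspm_ctrl = ASPM_L0S | ASPM_L1 };
	struct pci_dev fn1 = { .devfn = 1, .aspm_ctrl = ASPM_L0S | ASPM_L1 };
	struct pcie_link_state link = {
		.downstream = &fn0, .fns = { &fn0, &fn1 }, .nfns = 2, .on_link_list = true,
	};
	struct outcome out;

	uaf_hits = 0;
	if (fixed)                 /* echo 1 > /sys/bus/pci/devices/<fn0>/remove */
		remove_function_fixed(&link, &fn0);
	else
		remove_function_vulnerable(&link, &fn0);

	/* echo powersave > /sys/module/pcie_aspm/parameters/policy */
	out.rc = set_policy(&link, 1, ASPM_L0S | ASPM_L1);
	out.uaf_hits = uaf_hits;
	out.fn1_ctrl = fn1.aspm_ctrl;
	return out;
}

int main(void)
{
	struct outcome v = reproduce(false), f = reproduce(true);

	printf("vulnerable: rc=%d uaf_hits=%d fn1_ctrl=0x%x\n", v.rc, v.uaf_hits, v.fn1_ctrl);
	printf("fixed:      rc=%d uaf_hits=%d fn1_ctrl=0x%x\n", f.rc, f.uaf_hits, f.fn1_ctrl);
	return 0;
}
```

In the vulnerable run the policy change dereferences the released function 0 (rc -1, one hit); in the fixed run the link state is gone before the policy write, nothing stale is touched, and function 1 has been left with ASPM disabled, which is the consistent-configuration outcome the commit message asks for.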


How can this vulnerability impact me?

Dereferencing the freed pci_dev can corrupt kernel memory or crash the kernel, so the practical impact is denial of service or undefined behaviour on systems running an affected kernel with a multi-function PCIe device. Both steps of the reproduction, removing a PCI function through its sysfs remove file and changing the ASPM policy through the pcie_aspm module parameter, are root-only writes, so this is not reachable by an unprivileged local user or over the network. On a kernel built without KASAN there is no warning: the stale access simply happens, with whatever consequences the reused memory produces.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

The reliable check is the kernel version: compare the output of `uname -r` with the affected ranges listed above (the fix is in 5.4.251, 5.10.188, 5.15.121, 6.1.39, 6.3.13 and 6.4.4, and in every later release), keeping in mind that distribution kernels may carry the fix as a backport without a version bump, in which case the distribution's advisory is authoritative. The reproduction from the commit message is a runtime confirmation, but it only produces a visible warning on a kernel built with CONFIG_KASAN, it removes a real device from the running system, and on a non-KASAN kernel it may simply crash or corrupt memory, so it belongs on a test machine, not in production. It also needs function 0 of a multi-function device whose other functions stay present; 0000:03:00.0 is the example address from the commit message, so substitute a real function 0 from `lspci`. As root, on a KASAN kernel:

  # echo 1 > /sys/bus/pci/devices/0000:03:00.0/remove
  # echo powersave > /sys/module/pcie_aspm/parameters/policy
  # dmesg | grep -A8 'slab-use-after-free'

A "BUG: KASAN: slab-use-after-free in pcie_config_aspm_link" report in the kernel log confirms the vulnerable code; no report on a KASAN kernel indicates the fix is present. Afterwards, `echo 1 > /sys/bus/pci/rescan` re-enumerates the removed function.
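A version check that encodes the affected ranges from the table on this page, as an added example (not a tool from the page or from kernel.org). It parses release strings in the form `uname -r` prints, including distribution suffixes such as "6.1.39-generic", and reports whether the version lies inside any affected range. The limitation named above applies: it classifies purely by version number, so a distribution kernel that backported the fix without changing its version will still be reported as affected.

```c
#include <stdio.h>
#include <stdlib.h>
#include <sys/utsname.h>

struct kver { int major, minor, patch; };

/* Parse "6.1.38-arch1-1" style release strings. A missing minor or patch
 * level reads as 0; parsing stops at the first non-version character.
 * Returns 0 on success, -1 if the string does not start with a number. */
static int parse_kver(const char *s, struct kver *v)
{
	int *part[3] = { &v->major, &v->minor, &v->patch };
	char *end;
	int i;

	v->major = v->minor = v->patch = 0;
	for (i = 0; i < 3; i++) {
		*part[i] = (int)strtol(s, &end, 10);
		if (end == s)
			return i == 0 ? -1 : 0;
		if (*end != '.')
			return 0;
		s = end + 1;
	}
	return 0;
}

static int kver_cmp(struct kver a, struct kver b)
{
	if (a.major != b.major) return a.major < b.major ? -1 : 1;
	if (a.minor != b.minor) return a.minor < b.minor ? -1 : 1;
	if (a.patch != b.patch) return a.patch < b.patch ? -1 : 1;
	return 0;
}

/* Affected ranges from the CPE table on this page: lower bound inclusive,
 * upper bound (the first fixed stable release of that series) exclusive. */
static const struct { struct kver lo, hi; } affected[] = {
	{ { 4, 11, 0 }, { 5,  4, 251 } },
	{ { 5,  5, 0 }, { 5, 10, 188 } },
	{ { 5, 11, 0 }, { 5, 15, 121 } },
	{ { 5, 16, 0 }, { 6,  1,  39 } },
	{ { 6,  2, 0 }, { 6,  3,  13 } },
	{ { 6,  4, 0 }, { 6,  4,   4 } },
};

/* 1 = release lies inside an affected range, 0 = outside every range,
 * -1 = release string could not be parsed. Version-only: backported fixes
 * in distribution kernels are not detected by this check. */
int kernel_affected(const char *release)
{
	struct kver v;
	size_t i;

	if (parse_kver(release, &v) < 0)
		return -1;
	for (i = 0; i < sizeof affected / sizeof affected[0]; i++)
		if (kver_cmp(v, affected[i].lo) >= 0 && kver_cmp(v, affected[i].hi) < 0)
			return 1;
	return 0;
}

/* Checks the release given as argv[1], or the running kernel's release. */
int main(int argc, char **argv)
{
	struct utsname u;
	const char *rel = argc > 1 ? argv[1] : (uname(&u) == 0 ? u.release : "");
	int r = kernel_affected(rel);

	printf("%s: %s\n", rel,
	       r == 1 ? "inside an affected range" :
	       r == 0 ? "outside every affected range" : "unparseable release string");
	return r == 1;
}
```

Run it without arguments on the host to check the running kernel, or pass a release string such as `./check 6.1.38` to check an inventory value; the exit status is 1 when the version falls inside an affected range, which makes it usable from a fleet script.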


What immediate steps should I take to mitigate this vulnerability?

Update to a kernel that contains the fix: 5.4.251, 5.10.188, 5.15.121, 6.1.39, 6.3.13, 6.4.4 or any later release in those series, or the distribution kernel that carries the backport. The fix disables ASPM and frees the pcie_link_state when any child function is removed, so no dangling downstream pointer remains to be dereferenced by a later policy change. Until the kernel is updated, do not remove individual functions of multi-function PCIe devices through sysfs and avoid changing the ASPM policy at runtime; since both actions require root, limiting root access is the effective control. Booting with pcie_aspm=off is a further workaround, because the kernel then creates no ASPM link state and rejects writes to the policy parameter, but it gives up link power management on every PCIe device in the system.

