CVE-2023-54326
Use-After-Free Race Condition in Linux pci_endpoint_test IRQ Handling
Publication date: 2025-12-30
Last updated on: 2025-12-30
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | kernel | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability occurs in the Linux kernel's pci_endpoint_test driver. The issue is that IRQs (interrupt requests) are freed after the device is removed, creating a race condition where IRQs can be received while the device memory has already been released. This causes the IRQ handler to access invalid memory, leading to a kernel oops (crash). The fix is to free the IRQs before removing the device to prevent this race condition.
How can this vulnerability impact me? :
This vulnerability can cause the Linux kernel to crash (kernel oops) due to invalid memory access in the IRQ handler. This can lead to system instability, potential denial of service, and unexpected behavior on systems using the affected pci_endpoint_test driver.
What immediate steps should I take to mitigate this vulnerability?
Update the Linux kernel to a version where the pci_endpoint_test driver frees IRQs before removing the device, as this fixes the race condition causing invalid memory access. Ensuring your system runs this patched kernel version will mitigate the vulnerability.