2024-12-27 14:23:06
Linux
PUBLISHED
In the Linux kernel, the following vulnerability has been resolved: PCI: endpoint: Fix PCI domain ID release in pci_epc_destroy() pci_epc_destroy() invokes pci_bus_release_domain_nr() to release the PCI domain ID, but there are two issues: - epc->dev is passed to pci_bus_release_domain_nr() which was already freed by device_unregister(), leading to a use-after-free issue. - Domain ID corresponds to the EPC device parent, so passing epc->dev is also wrong. Fix these issues by passing epc->dev.parent to pci_bus_release_domain_nr() and also do it before device_unregister(). [mani: reworded subject and description]