medium
5.5
CWE
476
Advisory Published
Updated

CVE-2024-46761: pci/hotplug/pnv_php: Fix hotplug driver crash on Powernv

First published: Wed Sep 18 2024(Updated: )

In the Linux kernel, the following vulnerability has been resolved: pci/hotplug/pnv_php: Fix hotplug driver crash on Powernv The hotplug driver for powerpc (pci/hotplug/pnv_php.c) causes a kernel crash when we try to hot-unplug/disable the PCIe switch/bridge from the PHB. The crash occurs because although the MSI data structure has been released during disable/hot-unplug path and it has been assigned with NULL, still during unregistration the code was again trying to explicitly disable the MSI which causes the NULL pointer dereference and kernel crash. The patch fixes the check during unregistration path to prevent invoking pci_disable_msi/msix() since its data structure is already freed.

Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Affected SoftwareAffected VersionHow to fix
Linux Kernel<4.19.322
Linux Kernel>=4.20<5.4.284
Linux Kernel>=5.5<5.10.226
Linux Kernel>=5.11<5.15.167
Linux Kernel>=5.16<6.1.110
Linux Kernel>=6.2<6.6.51
Linux Kernel>=6.7<6.10.10
debian/linux<=5.10.223-1<=5.10.226-1
6.1.123-1
6.1.119-1
6.12.11-1
6.12.12-1
debian/linux-6.1
6.1.119-1~deb11u1

Remedy

https://git.kernel.org/stable/c/335e35b748527f0c06ded9eebb65387f60647fda

Remedy

https://git.kernel.org/stable/c/438d522227374042b5c8798f8ce83bbe479dca4d

Remedy

https://git.kernel.org/stable/c/4eb4085c1346d19d4a05c55246eb93e74e671048

Remedy

https://git.kernel.org/stable/c/b82d4d5c736f4fd2ed224c35f554f50d1953d21e

Remedy

https://git.kernel.org/stable/c/bc1faed19db95abf0933b104910a3fb01b138f59

Remedy

https://git.kernel.org/stable/c/bfc44075b19740d372f989f21dd03168bfda0689

Remedy

https://git.kernel.org/stable/c/c0d8094dc740cfacf3775bbc6a1c4720459e8de4

Remedy

https://git.kernel.org/stable/c/c4c681999d385e28f84808bbf3a85ea8e982da55

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is the severity of CVE-2024-46761?

    The severity of CVE-2024-46761 is considered medium due to the potential for kernel crashes during PCIe operations.

  • How do I fix CVE-2024-46761?

    To fix CVE-2024-46761, update to the recommended kernel version: 6.1.123-1, 6.1.119-1, or later versions as specified.

  • What systems are affected by CVE-2024-46761?

    CVE-2024-46761 affects the Linux kernel versions up to 5.10.226 and various versions of the 6.x series.

  • What is the impact of CVE-2024-46761?

    The impact of CVE-2024-46761 includes potential kernel crashes when attempting to hot-unplug or disable PCIe switches or bridges.

  • Is there a specific Debian package affected by CVE-2024-46761?

    Yes, the Debian package 'linux' versions up to 5.10.226 and 'linux-6.1' version 6.1.119-1~deb11u1 are affected by CVE-2024-46761.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203