{"id":"CVE-2024-58093","summary":"PCI/ASPM: Fix link state exit during switch upstream function removal","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nPCI/ASPM: Fix link state exit during switch upstream function removal\n\nBefore 456d8aa37d0f (\"PCI/ASPM: Disable ASPM on MFD function removal to\navoid use-after-free\"), we would free the ASPM link only after the last\nfunction on the bus pertaining to the given link was removed.\n\nThat was too late. If function 0 is removed before sibling function,\nlink-\u003edownstream would point to free'd memory after.\n\nAfter above change, we freed the ASPM parent link state upon any function\nremoval on the bus pertaining to a given link.\n\nThat is too early. If the link is to a PCIe switch with MFD on the upstream\nport, then removing functions other than 0 first would free a link which\nstill remains parent_link to the remaining downstream ports.\n\nThe resulting GPFs are especially frequent during hot-unplug, because\npciehp removes devices on the link bus in reverse order.\n\nOn that switch, function 0 is the virtual P2P bridge to the internal bus.\nFree exactly when function 0 is removed -- before the parent link is\nobsolete, but after all subordinate links are gone.\n\n[kwilczynski: commit log]","modified":"2026-04-02T12:25:31.222889Z","published":"2025-04-16T14:11:42.682Z","related":["CGA-2qmc-ffgf-6v8j","SUSE-SU-2025:01600-1","SUSE-SU-2025:01614-1","SUSE-SU-2025:01707-1","SUSE-SU-2025:01919-1","SUSE-SU-2025:01951-1","SUSE-SU-2025:01964-1","SUSE-SU-2025:01967-1","SUSE-SU-2025:01972-1","SUSE-SU-2025:20343-1","SUSE-SU-2025:20344-1","SUSE-SU-2025:20354-1","SUSE-SU-2025:20355-1"],"database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/58xxx/CVE-2024-58093.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/cbf937dcadfd571a434f8074d057b32cd14fbea5"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/58xxx/CVE-2024-58093.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-58093"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"456d8aa37d0f56fc9e985e812496e861dcd6f2f2"},{"fixed":"cbf937dcadfd571a434f8074d057b32cd14fbea5"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"0"},{"last_affected":"666e7f9d60cee23077ea3e6331f6f8a19f7ea03f"},{"last_affected":"7badf4d6f49a358a01ab072bbff88d3ee886c33b"},{"last_affected":"9856c0de49052174ab474113f4ba40c02aaee086"},{"last_affected":"7aecdd47910c51707696e8b0e045b9f88bd4230f"},{"last_affected":"d51d2eeae4ce54d542909c4d9d07bf371a78592c"},{"last_affected":"4203722d51afe3d239e03f15cc73efdf023a7103"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-58093.json"}}],"schema_version":"1.7.5"}