CVE-2023-53363 (CNNVD-202509-2729)
中文标题:
Linux kernel 安全漏洞
英文标题:
PCI: Fix use-after-free in pci_bus_release_domain_nr()
漏洞描述
中文描述:
Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。 Linux kernel存在安全漏洞,该漏洞源于pci_bus_release_domain_nr函数中存在释放后重用问题。
英文描述:
In the Linux kernel, the following vulnerability has been resolved: PCI: Fix use-after-free in pci_bus_release_domain_nr() Commit c14f7ccc9f5d ("PCI: Assign PCI domain IDs by ida_alloc()") introduced a use-after-free bug in the bus removal cleanup. The issue was found with kfence: [ 19.293351] BUG: KFENCE: use-after-free read in pci_bus_release_domain_nr+0x10/0x70 [ 19.302817] Use-after-free read at 0x000000007f3b80eb (in kfence-#115): [ 19.309677] pci_bus_release_domain_nr+0x10/0x70 [ 19.309691] dw_pcie_host_deinit+0x28/0x78 [ 19.309702] tegra_pcie_deinit_controller+0x1c/0x38 [pcie_tegra194] [ 19.309734] tegra_pcie_dw_probe+0x648/0xb28 [pcie_tegra194] [ 19.309752] platform_probe+0x90/0xd8 ... [ 19.311457] kfence-#115: 0x00000000063a155a-0x00000000ba698da8, size=1072, cache=kmalloc-2k [ 19.311469] allocated by task 96 on cpu 10 at 19.279323s: [ 19.311562] __kmem_cache_alloc_node+0x260/0x278 [ 19.311571] kmalloc_trace+0x24/0x30 [ 19.311580] pci_alloc_bus+0x24/0xa0 [ 19.311590] pci_register_host_bridge+0x48/0x4b8 [ 19.311601] pci_scan_root_bus_bridge+0xc0/0xe8 [ 19.311613] pci_host_probe+0x18/0xc0 [ 19.311623] dw_pcie_host_init+0x2c0/0x568 [ 19.311630] tegra_pcie_dw_probe+0x610/0xb28 [pcie_tegra194] [ 19.311647] platform_probe+0x90/0xd8 ... [ 19.311782] freed by task 96 on cpu 10 at 19.285833s: [ 19.311799] release_pcibus_dev+0x30/0x40 [ 19.311808] device_release+0x30/0x90 [ 19.311814] kobject_put+0xa8/0x120 [ 19.311832] device_unregister+0x20/0x30 [ 19.311839] pci_remove_bus+0x78/0x88 [ 19.311850] pci_remove_root_bus+0x5c/0x98 [ 19.311860] dw_pcie_host_deinit+0x28/0x78 [ 19.311866] tegra_pcie_deinit_controller+0x1c/0x38 [pcie_tegra194] [ 19.311883] tegra_pcie_dw_probe+0x648/0xb28 [pcie_tegra194] [ 19.311900] platform_probe+0x90/0xd8 ... [ 19.313579] CPU: 10 PID: 96 Comm: kworker/u24:2 Not tainted 6.2.0 #4 [ 19.320171] Hardware name: /, BIOS 1.0-d7fb19b 08/10/2022 [ 19.325852] Workqueue: events_unbound deferred_probe_work_func The stack trace is a bit misleading as dw_pcie_host_deinit() doesn't directly call pci_bus_release_domain_nr(). The issue turns out to be in pci_remove_root_bus() which first calls pci_remove_bus() which frees the struct pci_bus when its struct device is released. Then pci_bus_release_domain_nr() is called and accesses the freed struct pci_bus. Reordering these fixes the issue.
CWE类型:
标签:
受影响产品
| 厂商 | 产品 | 版本 | 版本范围 | 平台 | CPE |
|---|---|---|---|---|---|
| Linux | Linux | - | < 52b0343c7d628f37b38e3279ba585526b850ad3b | - |
cpe:2.3:a:linux:linux:*:*:*:*:*:*:*:*
|
| Linux | Linux | 6.2 | - | - |
cpe:2.3:a:linux:linux:6.2:*:*:*:*:*:*:*
|
| linux | linux_kernel | * | - | - |
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
|
| linux | linux_kernel | 6.3 | - | - |
cpe:2.3:o:linux:linux_kernel:6.3:rc1:*:*:*:*:*:*
|
解决方案
中文解决方案:
英文解决方案:
临时解决方案:
CVSS评分详情
时间信息
利用信息
数据源详情
| 数据源 | 记录ID | 版本 | 提取时间 |
|---|---|---|---|
| CVE | cve_CVE-2023-53363 |
2025-11-11 15:22:15 | 2025-11-11 07:38:49 |
| NVD | nvd_CVE-2023-53363 |
2025-11-11 14:59:22 | 2025-11-11 07:46:53 |
| CNNVD | cnnvd_CNNVD-202509-2729 |
2025-11-11 15:12:57 | 2025-11-11 08:00:12 |
版本与语言
安全公告
变更历史
查看详细变更
- affected_products_count: 2 -> 4
查看详细变更
- vulnerability_type: 未提取 -> 其他
- severity: SeverityLevel.MEDIUM -> SeverityLevel.UNKNOWN
- cvss_score: 未提取 -> 0.0
- cnnvd_id: 未提取 -> CNNVD-202509-2729
- data_sources: ['cve', 'nvd'] -> ['cnnvd', 'cve', 'nvd']
查看详细变更
- affected_products_count: 6 -> 2
- data_sources: ['cve'] -> ['cve', 'nvd']