Bug 2426228 (CVE-2023-54326)

Summary: CVE-2023-54326 kernel: misc: pci_endpoint_test: Free IRQs before removing the device
Product: [Other] Security Response Reporter: OSIDB Bzimport <bzimport>
Component: vulnerabilityAssignee: Product Security DevOps Team <prodsec-dev>
Status: NEW --- QA Contact:
Severity: low Docs Contact:
Priority: low    
Version: unspecifiedKeywords: Security
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: ---
Doc Text:
A use-after-free flaw was found in the Linux kernel's PCI endpoint test driver. In pci_endpoint_test_remove(), IRQs are freed after the device is removed, creating a race window where an IRQ can be delivered after device memory is freed. The IRQ handler then accesses invalid memory, causing a kernel crash.
 Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description OSIDB Bzimport 2025-12-30 13:17:54 UTC 
In the Linux kernel, the following vulnerability has been resolved:

misc: pci_endpoint_test: Free IRQs before removing the device

In pci_endpoint_test_remove(), freeing the IRQs after removing the device
creates a small race window for IRQs to be received with the test device
memory already released, causing the IRQ handler to access invalid memory,
resulting in an oops.

Free the device IRQs before removing the device to avoid this issue.
Comment 1 Alexander B 2025-12-30 23:46:30 UTC 
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2025123016-CVE-2023-54326-43b2@gregkh/T