CVE-2023-54326

high

Description

In the Linux kernel, the following vulnerability has been resolved: misc: pci_endpoint_test: Free IRQs before removing the device In pci_endpoint_test_remove(), freeing the IRQs after removing the device creates a small race window for IRQs to be received with the test device memory already released, causing the IRQ handler to access invalid memory, resulting in an oops. Free the device IRQs before removing the device to avoid this issue.

References

https://git.kernel.org/stable/c/fb7f8bdb886f2ebf35ee5edaf2bf5f02b063ddb7

https://git.kernel.org/stable/c/f61b7634a3249d12b9daa36ffbdb9965b6f24c6c

https://git.kernel.org/stable/c/dd2210379205fcd23a9d8869b0cef90e3770577c

https://git.kernel.org/stable/c/cdf9a7e2cdc7a5464e3cc6d0b715ba2b1d215521

https://git.kernel.org/stable/c/c2dba13bc0c62b79a3cbe4bfe5faa32231bf9b55

https://git.kernel.org/stable/c/38d12bcf4e2ce3d285eb29644a79a54f42040fab

https://git.kernel.org/stable/c/14bdee38e96c7d37ca15e7bea50411eee25fe315

Details

Source: Mitre, NVD

Published: 2025-12-30

Updated: 2025-12-31

Risk Information

CVSS v2

Base Score: 6.9

Vector: CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C

Severity: Medium

CVSS v3

Base Score: 7.1

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Severity: High

EPSS

EPSS: 0.00024