CVE-2024-53194: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-53194 is a use-after-free vulnerability discovered in the Linux kernel's PCI subsystem. The issue was identified when a boot crash occurred on recent Lenovo laptops with USB4 docks. The vulnerability was discovered in December 2024 and affects the PCI hot-remove functionality, specifically involving the pciehp driver and slot management (Kernel Git).

The vulnerability occurs when pciehp is unbound from one of the dock's Downstream Ports. The issue stems from pcislot containing a pointer to pcibus below the Downstream Port without acquiring a proper reference. When the pcibus is destroyed before the pcislot, a use-after-free condition occurs during pcislotrelease() when accessing slot->bus. The vulnerability is triggered by a race condition between hierarchy removal by pciehp and driver binding by pcibusadd_devices() (Kernel Git). The CVSS v3.1 base score is 7.8 (HIGH) with vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (NVD).

The vulnerability can lead to system crashes and potential privilege escalation on affected systems. The issue is particularly impactful on systems using USB4 docks, where the vulnerability can be triggered during normal operation when the thunderbolt driver resets USB4 v2 and v1 Host Routers (Kernel Git).

The vulnerability has been patched by modifying pcicreateslot() to properly acquire and manage references to pcibus. The fix involves using pcibusget() to acquire a reference and pcibus_put() to release it appropriately. The patch has been confirmed to resolve the crash issues on affected systems (Kernel Git). The fix has been included in various Linux kernel versions, including 5.10.234-1 and 6.1.128-1~deb11u1 (Debian LTS).