CVE-2024-46750

Updated: 2026-02-27 02:56:19.611997

Description:

In the Linux kernel, the following vulnerability has been resolved: PCI: Add missing bridge lock to pci_bus_lock() One of the true positives that the cfg_access_lock lockdep effort identified is this sequence: WARNING: CPU: 14 PID: 1 at drivers/pci/pci.c:4886 pci_bridge_secondary_bus_reset+0x5d/0x70 RIP: 0010:pci_bridge_secondary_bus_reset+0x5d/0x70 Call Trace: <TASK> ? __warn+0x8c/0x190 ? pci_bridge_secondary_bus_reset+0x5d/0x70 ? report_bug+0x1f8/0x200 ? handle_bug+0x3c/0x70 ? exc_invalid_op+0x18/0x70 ? asm_exc_invalid_op+0x1a/0x20 ? pci_bridge_secondary_bus_reset+0x5d/0x70 pci_reset_bus+0x1d8/0x270 vmd_probe+0x778/0xa10 pci_device_probe+0x95/0x120 Where pci_reset_bus() users are triggering unlocked secondary bus resets. Ironically pci_bus_reset(), several calls down from pci_reset_bus(), uses pci_bus_lock() before issuing the reset which locks everything *but* the bridge itself. For the same motivation as adding: bridge = pci_upstream_bridge(dev); if (bridge) pci_dev_lock(bridge); to pci_reset_function() for the "bus" and "cxl_bus" reset cases, add pci_dev_lock() for @bus->self to pci_bus_lock(). [bhelgaas: squash in recursive locking deadlock fix from Keith Busch: https://lore.kernel.org/r/20240711193650.701834-1-kbusch@meta.com]


Links NIST CIRCL RHEL Ubuntu

Severity

Severity Score
CVSS Version 2.x 0.0
CVSS Version 3.x MEDIUM 5.5

Status

OS name Project name Version Score Severity Status Errata Last updated

Statement
Oracle Linux 7 ELS kernel-uek 5.4.17 5.5 MEDIUM Ignored 2025-12-03 19:22:34
RHEL 7 ELS kernel 3.10.0 5.5 MEDIUM Released CLSA-2025:1750353839 2025-06-20 00:30:50
Ubuntu 16.04 ELS linux-hwe 4.15.0 5.5 MEDIUM Released CLSA-2024:1731603700 2024-11-14 12:15:27
Ubuntu 16.04 ELS linux 4.4.0 5.5 MEDIUM Released CLSA-2024:1731605761 2024-11-14 16:42:09
Ubuntu 18.04 ELS linux 4.15.0 5.5 MEDIUM Released CLSA-2024:1731602566 2024-11-14 12:15:21
Total: 15