CVE-2024-58093

7.8 HIGH

📋 TL;DR

A use-after-free vulnerability in the Linux kernel's PCI/ASPM subsystem that can cause kernel crashes or potential privilege escalation when PCIe devices are hot-unplugged. This affects systems with PCIe switches that have multi-function devices (MFD) on upstream ports, particularly during device removal operations.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Kernel versions between commit 456d8aa37d0f and commit cbf937dcadfd571a434f8074d057b32cd14fbea5
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Requires systems with PCIe switches supporting MFD on upstream ports and ASPM enabled. More likely to affect servers, virtualization hosts, and systems with frequent PCIe device changes.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...


⚠️ Risk & Real-World Impact

🔴 Worst Case

Kernel panic leading to system crash, potential privilege escalation if an attacker can trigger the use-after-free condition to execute arbitrary code in kernel context.

🟠 Likely Case

System instability or crashes during PCIe device hot-unplug operations, especially in virtualized environments or servers with frequent hardware changes.

🟢 If Mitigated

Minor system instability during device removal if proper access controls prevent unauthorized device manipulation.

🌐 Internet-Facing: LOW - Requires local access to trigger via PCIe device operations.
🏢 Internal Only: MEDIUM - Could be exploited by users with physical access or administrative privileges to trigger device removal operations.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires ability to trigger PCIe device removal operations, typically requiring local access and appropriate privileges. The vulnerability is triggered during normal system operations (hot-unplug).

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel commit cbf937dcadfd571a434f8074d057b32cd14fbea5 and later

Vendor Advisory: https://git.kernel.org/stable/c/cbf937dcadfd571a434f8074d057b32cd14fbea5

Restart Required: Yes

Instructions:

1. Update to a kernel version containing commit cbf937dcadfd571a434f8074d057b32cd14fbea5
2. Check with your Linux distribution for backported patches
3. Reboot the system after kernel update

🔧 Temporary Workarounds

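Disable ASPM (Linux)

Disable Active State Power Management to prevent the vulnerable code path. The policy parameter takes a policy name rather than a number; performance is the policy that disables ASPM.

echo performance > /sys/module/pcie_aspm/parameters/policy

Restrict PCIe hot-unplug (Linux)

Prevent unauthorized PCIe device removal operations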

🧯 If You Can't Patch

  • Disable ASPM using kernel boot parameter: pcie_aspm=off
  • Restrict physical access to PCIe slots and implement strict change control for hardware modifications
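An added example (not part of the original advisory): a POSIX shell check that reports whether an ASPM workaround is in effect, either pcie_aspm=off on the boot command line or the performance policy (which disables ASPM) selected at runtime. The function names and output labels are hypothetical; file paths are parameters so the logic can be run against sample files.

```shell
#!/bin/sh
# Added example: report the ASPM workaround state on a Linux host.
# Function names and output labels are illustrative assumptions.

# Print the active ASPM policy. The kernel lists every policy and marks
# the active one with brackets, e.g.
#   default performance [powersave] powersupersave
active_policy() {
    sed -n 's/.*\[\([a-z]*\)\].*/\1/p' "$1"
}

# Succeed only if pcie_aspm=off appears as a whole boot parameter.
booted_aspm_off() {
    [ -r "$1" ] && tr ' \t' '\n\n' < "$1" | grep -qx 'pcie_aspm=off'
}

# aspm_workaround_state [POLICY_FILE] [CMDLINE_FILE]
# Prints one of: boot-off, runtime-performance, aspm-active:<policy>, unknown
aspm_workaround_state() {
    policy_file=${1:-/sys/module/pcie_aspm/parameters/policy}
    cmdline_file=${2:-/proc/cmdline}

    if booted_aspm_off "$cmdline_file"; then
        echo "boot-off"
        return 0
    fi
    if [ ! -r "$policy_file" ]; then
        echo "unknown"
        return 0
    fi
    policy=$(active_policy "$policy_file")
    case "$policy" in
        performance) echo "runtime-performance" ;;
        "")          echo "unknown" ;;
        *)           echo "aspm-active:$policy" ;;
    esac
}

# With no arguments this inspects the running system.
aspm_workaround_state "$@"
```

A result of aspm-active:<policy> means neither workaround is applied; the runtime setting does not survive a reboot, whereas the boot parameter does.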

🔍 How to Verify

Check if Vulnerable:

Check the kernel version and, in the kernel source tree your kernel was built from, whether commit cbf937dcadfd571a434f8074d057b32cd14fbea5 is present: git log --oneline | grep -i 'cbf937dcadfd'

Check Version:

uname -r

Verify Fix Applied:

Verify that the running kernel version includes the fix commit: run uname -r and check the result against your distribution's patch notes

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic messages in /var/log/kern.log or dmesg
  • GPF (General Protection Fault) errors
  • PCI/ASPM related crash reports

SIEM Query:

source="kernel" AND ("GPF" OR "use-after-free" OR "ASPM" OR "PCIe")
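An added example (not part of the original advisory): a shell/awk triage pass that reports only kernel crash reports whose header or following trace lines name an ASPM function, instead of every line that mentions ASPM or PCIe. The function names, the 40-line window and the sample log are assumptions; the log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: correlate crash headers with ASPM frames in a kernel log.

# aspm_crash_hits LOGFILE [WINDOW]
# Prints the header line of each crash report that has an ASPM symbol in
# the header itself or within WINDOW lines after it. LOGFILE "-" is stdin.
aspm_crash_hits() {
    awk -v window="${2:-40}" '
        /general protection fault|KASAN: .*use-after-free|BUG: unable to handle/ {
            if (tolower($0) ~ /aspm/) { print; left = 0 }
            else { header = $0; left = window }
            next
        }
        left > 0 {
            left--
            if (tolower($0) ~ /aspm/) { print header; left = 0 }
        }
    ' "$1"
}

# Constructed sample: one benign ASPM boot message, one crash with ASPM
# frames after a hot-unplug, one unrelated crash.
sample_log() {
    cat <<'EOF'
[   12.100000] pci 0000:03:00.0: ASPM: current common clock configuration is inconsistent, reconfiguring
[  501.000000] pcieport 0000:02:00.0: pciehp: Slot(4): Link Down
[  501.200000] general protection fault, probably for non-canonical address 0x0: 0000 [#1] PREEMPT SMP
[  501.200100] RIP: 0010:pcie_config_aspm_link+0x40/0x2a0
[  501.200200] Call Trace:
[  501.200300]  pcie_aspm_exit_link_state+0x90/0x150
[  900.000000] general protection fault, probably for non-canonical address 0x0: 0000 [#2] PREEMPT SMP
[  900.000100] RIP: 0010:some_other_driver_fn+0x10/0x80
EOF
}

# With a log file argument, scan it; otherwise run on the sample.
if [ $# -gt 0 ]; then
    aspm_crash_hits "$1"
else
    sample_log | aspm_crash_hits -
fi
```

On the sample, only the crash at 501.200000 is reported; the boot-time ASPM message and the unrelated fault are ignored.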
