cve/2023/CVE-2023-52617.md

### [CVE-2023-52617](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52617)
![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=1da177e4c3f4%3C%20d8c293549946%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)

### Description

In the Linux kernel, the following vulnerability has been resolved:PCI: switchtec: Fix stdev_release() crash after surprise hot removeA PCI device hot removal may occur while stdev->cdev is held open. The callto stdev_release() then happens during close or exit, at a point way pastswitchtec_pci_remove(). Otherwise the last ref would vanish with thetrailing put_device(), just before return.At that later point in time, the devm cleanup has already removed thestdev->mmio_mrpc mapping. Also, the stdev->pdev reference was not a countedone. Therefore, in DMA mode, the iowrite32() in stdev_release() will causea fatal page fault, and the subsequent dma_free_coherent(), if reached,would pass a stale &stdev->pdev->dev pointer.Fix by moving MRPC DMA shutdown into switchtec_pci_remove(), afterstdev_kill(). Counting the stdev->pdev ref is now optional, but may preventfuture accidents.Reproducible via the script athttps://lore.kernel.org/r/20231113212150.96410-1-dns@arista.com

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/NaInSec/CVE-LIST