{
  "threat_severity" : "Moderate",
  "public_date" : "2025-09-17T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: PCI: Fix use-after-free in pci_bus_release_domain_nr()",
    "id" : "2396117",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2396117"
  },
  "cvss3" : {
    "cvss3_base_score" : "7.0",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-416",
  "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\nPCI: Fix use-after-free in pci_bus_release_domain_nr()\nCommit c14f7ccc9f5d (\"PCI: Assign PCI domain IDs by ida_alloc()\")\nintroduced a use-after-free bug in the bus removal cleanup. The issue was\nfound with kfence:\n[   19.293351] BUG: KFENCE: use-after-free read in pci_bus_release_domain_nr+0x10/0x70\n[   19.302817] Use-after-free read at 0x000000007f3b80eb (in kfence-#115):\n[   19.309677]  pci_bus_release_domain_nr+0x10/0x70\n[   19.309691]  dw_pcie_host_deinit+0x28/0x78\n[   19.309702]  tegra_pcie_deinit_controller+0x1c/0x38 [pcie_tegra194]\n[   19.309734]  tegra_pcie_dw_probe+0x648/0xb28 [pcie_tegra194]\n[   19.309752]  platform_probe+0x90/0xd8\n...\n[   19.311457] kfence-#115: 0x00000000063a155a-0x00000000ba698da8, size=1072, cache=kmalloc-2k\n[   19.311469] allocated by task 96 on cpu 10 at 19.279323s:\n[   19.311562]  __kmem_cache_alloc_node+0x260/0x278\n[   19.311571]  kmalloc_trace+0x24/0x30\n[   19.311580]  pci_alloc_bus+0x24/0xa0\n[   19.311590]  pci_register_host_bridge+0x48/0x4b8\n[   19.311601]  pci_scan_root_bus_bridge+0xc0/0xe8\n[   19.311613]  pci_host_probe+0x18/0xc0\n[   19.311623]  dw_pcie_host_init+0x2c0/0x568\n[   19.311630]  tegra_pcie_dw_probe+0x610/0xb28 [pcie_tegra194]\n[   19.311647]  platform_probe+0x90/0xd8\n...\n[   19.311782] freed by task 96 on cpu 10 at 19.285833s:\n[   19.311799]  release_pcibus_dev+0x30/0x40\n[   19.311808]  device_release+0x30/0x90\n[   19.311814]  kobject_put+0xa8/0x120\n[   19.311832]  device_unregister+0x20/0x30\n[   19.311839]  pci_remove_bus+0x78/0x88\n[   19.311850]  pci_remove_root_bus+0x5c/0x98\n[   19.311860]  dw_pcie_host_deinit+0x28/0x78\n[   19.311866]  tegra_pcie_deinit_controller+0x1c/0x38 [pcie_tegra194]\n[   19.311883]  tegra_pcie_dw_probe+0x648/0xb28 [pcie_tegra194]\n[   19.311900]  platform_probe+0x90/0xd8\n...\n[   19.313579] CPU: 10 PID: 96 Comm: kworker/u24:2 Not tainted 6.2.0 #4\n[   19.320171] Hardware name:  /, BIOS 1.0-d7fb19b 08/10/2022\n[   19.325852] Workqueue: events_unbound deferred_probe_work_func\nThe stack trace is a bit misleading as dw_pcie_host_deinit() doesn't\ndirectly call pci_bus_release_domain_nr(). The issue turns out to be in\npci_remove_root_bus() which first calls pci_remove_bus() which frees the\nstruct pci_bus when its struct device is released. Then\npci_bus_release_domain_nr() is called and accesses the freed struct\npci_bus. Reordering these fixes the issue.", "A use-after-free exists in the linux kernel such that The kernel frees the struct pci_bus in pci_remove_bus() (via release_pcibus_dev()).\nAfter the structure is freed, a callback (pci_bus_release_domain_nr()) accesses that freed memory, leading to damage to system availability." ],
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2023-11-07T00:00:00Z",
    "advisory" : "RHSA-2023:6583",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-362.8.1.el9_3"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2023-11-07T00:00:00Z",
    "advisory" : "RHSA-2023:6583",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-362.8.1.el9_3"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Out of support scope",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Will not fix",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2023-53363\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-53363\nhttps://lore.kernel.org/linux-cve-announce/2025091722-CVE-2023-53363-4ac2@gregkh/T" ],
  "name" : "CVE-2023-53363",
  "mitigation" : {
    "value" : "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
    "lang" : "en:us"
  },
  "csaw" : false
}