CVE-2024-46761: pci/hotplug/pnv_php: Fix hotplug driver crash on Powernv
In the Linux kernel, the following vulnerability has been resolved:
pci/hotplug/pnv_php: Fix hotplug driver crash on Powernv
The hotplug driver for powerpc (pci/hotplug/pnv_php.c) causes a kernel
crash when we try to hot-unplug/disable the PCIe switch/bridge from
the PHB.
The crash occurs because although the MSI data structure has been
released during disable/hot-unplug path and it has been assigned
with NULL, still during unregistration the code was again trying to
explicitly disable the MSI which causes the NULL pointer dereference and
kernel crash.
The patch fixes the check during unregistration path to prevent invoking
pci_disable_msi/msix() since its data structure is already freed.
Security readout for executives and security teams
Plain-English summary
This is a Linux kernel crash bug affecting a narrow class of PowerNV powerpc systems during PCIe hot-unplug or disable operations. If triggered, the host can crash. The sources do not show remote exploitation, active exploitation, or a complete severity score.
Executive priority
Treat as a targeted availability risk, not a broad internet-facing emergency. Patch affected PowerNV Linux hosts during normal maintenance, sooner for systems where PCIe hotplug is operationally important.
Technical view
The PowerNV PCI hotplug driver can dereference a NULL MSI/MSI-X structure during unregistration after disable or hot-unplug already freed it. The stable kernel patch prevents calling pci_disable_msi/msix when the data structure is already released.
Likely exposure
Exposure appears limited to Linux systems on PowerNV powerpc hardware using the pnv_php PCI hotplug path, especially hosts where PCIe switches or bridges may be hot-unplugged or disabled.
Exploitation context
CISA KEV status is false in the supplied bundle. The cited sources describe a crash condition during hotplug handling, but do not provide evidence of active exploitation or a remote attack path.
Researcher notes
The affected data comes from the CVE record and stable kernel references. Version ranges are unusual in the bundle and should be reconciled against actual distro kernel builds before declaring systems vulnerable or fixed.
Mitigation direction
Apply Linux kernel updates containing the referenced stable fixes.
Follow distribution advisories, including Debian LTS where applicable.
Prioritize PowerNV hosts that rely on PCIe hotplug operations.
If no update is available, check vendor guidance before using operational workarounds.
Validation and detection
Inventory PowerNV powerpc Linux systems and kernel versions.
Check whether the running kernel includes the referenced stable fix commit.
Review kernel logs for crashes around PCIe hot-unplug or bridge disable events.
Confirm distribution kernels are updated according to vendor advisories.
Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.
Potential ATT&CK relevance
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
cve · low confidence lookup
CVE-2024-46761 mapping review
Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.