cve/published/2024/CVE-2024-41085.json - pub/scm/linux/security/vulns - Git at Google

 {
    "containers": {
       "cna": {
          "providerMetadata": {
             "orgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038"
          },
          "descriptions": [
             {
                "lang": "en",
                "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncxl/mem: Fix no cxl_nvd during pmem region auto-assembling\n\nWhen CXL subsystem is auto-assembling a pmem region during cxl\nendpoint port probing, always hit below calltrace.\n\n BUG: kernel NULL pointer dereference, address: 0000000000000078\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n RIP: 0010:cxl_pmem_region_probe+0x22e/0x360 [cxl_pmem]\n Call Trace:\n  <TASK>\n  ? __die+0x24/0x70\n  ? page_fault_oops+0x82/0x160\n  ? do_user_addr_fault+0x65/0x6b0\n  ? exc_page_fault+0x7d/0x170\n  ? asm_exc_page_fault+0x26/0x30\n  ? cxl_pmem_region_probe+0x22e/0x360 [cxl_pmem]\n  ? cxl_pmem_region_probe+0x1ac/0x360 [cxl_pmem]\n  cxl_bus_probe+0x1b/0x60 [cxl_core]\n  really_probe+0x173/0x410\n  ? __pfx___device_attach_driver+0x10/0x10\n  __driver_probe_device+0x80/0x170\n  driver_probe_device+0x1e/0x90\n  __device_attach_driver+0x90/0x120\n  bus_for_each_drv+0x84/0xe0\n  __device_attach+0xbc/0x1f0\n  bus_probe_device+0x90/0xa0\n  device_add+0x51c/0x710\n  devm_cxl_add_pmem_region+0x1b5/0x380 [cxl_core]\n  cxl_bus_probe+0x1b/0x60 [cxl_core]\n\nThe cxl_nvd of the memdev needs to be available during the pmem region\nprobe. Currently the cxl_nvd is registered after the endpoint port probe.\nThe endpoint probe, in the case of autoassembly of regions, can cause a\npmem region probe requiring the not yet available cxl_nvd. Adjust the\nsequence so this dependency is met.\n\nThis requires adding a port parameter to cxl_find_nvdimm_bridge() that\ncan be used to query the ancestor root port. The endpoint port is not\nyet available, but will share a common ancestor with its parent, so\nstart the query from there instead."
             }
          ],
          "affected": [
             {
                "product": "Linux",
                "vendor": "Linux",
                "defaultStatus": "unaffected",
                "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
                "programFiles": [
                   "drivers/cxl/core/pmem.c",
                   "drivers/cxl/core/region.c",
                   "drivers/cxl/cxl.h",
                   "drivers/cxl/mem.c"
                ],
                "versions": [
                   {
                      "version": "f17b558d6663101f876a1d9cbbad3de0c8f4ce4d",
                      "lessThan": "1d064e4fbebcf5b18dc10c1f3973487eb163b600",
                      "status": "affected",
                      "versionType": "git"
                   },
                   {
                      "version": "f17b558d6663101f876a1d9cbbad3de0c8f4ce4d",
                      "lessThan": "84ec985944ef34a34a1605b93ce401aa8737af96",
                      "status": "affected",
                      "versionType": "git"
                   }
                ]
             },
             {
                "product": "Linux",
                "vendor": "Linux",
                "defaultStatus": "affected",
                "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
                "programFiles": [
                   "drivers/cxl/core/pmem.c",
                   "drivers/cxl/core/region.c",
                   "drivers/cxl/cxl.h",
                   "drivers/cxl/mem.c"
                ],
                "versions": [
                   {
                      "version": "6.2",
                      "status": "affected"
                   },
                   {
                      "version": "0",
                      "lessThan": "6.2",
                      "status": "unaffected",
                      "versionType": "semver"
                   },
                   {
                      "version": "6.9.8",
                      "lessThanOrEqual": "6.9.*",
                      "status": "unaffected",
                      "versionType": "semver"
                   },
                   {
                      "version": "6.10",
                      "lessThanOrEqual": "*",
                      "status": "unaffected",
                      "versionType": "original_commit_for_fix"
                   }
                ]
             }
          ],
          "cpeApplicability": [
             {
                "nodes": [
                   {
                      "operator": "OR",
                      "negate": false,
                      "cpeMatch": [
                         {
                            "vulnerable": true,
                            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                            "versionStartIncluding": "6.2",
                            "versionEndExcluding": "6.9.8"
                         },
                         {
                            "vulnerable": true,
                            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                            "versionStartIncluding": "6.2",
                            "versionEndExcluding": "6.10"
                         }
                      ]
                   }
                ]
             }
          ],
          "references": [
             {
                "url": "https://git.kernel.org/stable/c/1d064e4fbebcf5b18dc10c1f3973487eb163b600"
             },
             {
                "url": "https://git.kernel.org/stable/c/84ec985944ef34a34a1605b93ce401aa8737af96"
             }
          ],
          "title": "cxl/mem: Fix no cxl_nvd during pmem region auto-assembling",
          "x_generator": {
             "engine": "bippy-1.2.0"
          }
       }
    },
    "cveMetadata": {
       "assignerOrgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038",
       "cveID": "CVE-2024-41085",
       "requesterUserId": "gregkh@kernel.org",
       "serial": "1",
       "state": "PUBLISHED"
    },
    "dataType": "CVE_RECORD",
    "dataVersion": "5.0"
 }
	{
	"containers": {
	"cna": {
	"providerMetadata": {
	"orgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038"
	},
	"descriptions": [
	{
	"lang": "en",
	"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncxl/mem: Fix no cxl_nvd during pmem region auto-assembling\n\nWhen CXL subsystem is auto-assembling a pmem region during cxl\nendpoint port probing, always hit below calltrace.\n\n BUG: kernel NULL pointer dereference, address: 0000000000000078\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n RIP: 0010:cxl_pmem_region_probe+0x22e/0x360 [cxl_pmem]\n Call Trace:\n <TASK>\n ? __die+0x24/0x70\n ? page_fault_oops+0x82/0x160\n ? do_user_addr_fault+0x65/0x6b0\n ? exc_page_fault+0x7d/0x170\n ? asm_exc_page_fault+0x26/0x30\n ? cxl_pmem_region_probe+0x22e/0x360 [cxl_pmem]\n ? cxl_pmem_region_probe+0x1ac/0x360 [cxl_pmem]\n cxl_bus_probe+0x1b/0x60 [cxl_core]\n really_probe+0x173/0x410\n ? __pfx___device_attach_driver+0x10/0x10\n __driver_probe_device+0x80/0x170\n driver_probe_device+0x1e/0x90\n __device_attach_driver+0x90/0x120\n bus_for_each_drv+0x84/0xe0\n __device_attach+0xbc/0x1f0\n bus_probe_device+0x90/0xa0\n device_add+0x51c/0x710\n devm_cxl_add_pmem_region+0x1b5/0x380 [cxl_core]\n cxl_bus_probe+0x1b/0x60 [cxl_core]\n\nThe cxl_nvd of the memdev needs to be available during the pmem region\nprobe. Currently the cxl_nvd is registered after the endpoint port probe.\nThe endpoint probe, in the case of autoassembly of regions, can cause a\npmem region probe requiring the not yet available cxl_nvd. Adjust the\nsequence so this dependency is met.\n\nThis requires adding a port parameter to cxl_find_nvdimm_bridge() that\ncan be used to query the ancestor root port. The endpoint port is not\nyet available, but will share a common ancestor with its parent, so\nstart the query from there instead."
	}
	],
	"affected": [
	{
	"product": "Linux",
	"vendor": "Linux",
	"defaultStatus": "unaffected",
	"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
	"programFiles": [
	"drivers/cxl/core/pmem.c",
	"drivers/cxl/core/region.c",
	"drivers/cxl/cxl.h",
	"drivers/cxl/mem.c"
	],
	"versions": [
	{
	"version": "f17b558d6663101f876a1d9cbbad3de0c8f4ce4d",
	"lessThan": "1d064e4fbebcf5b18dc10c1f3973487eb163b600",
	"status": "affected",
	"versionType": "git"
	},
	{
	"version": "f17b558d6663101f876a1d9cbbad3de0c8f4ce4d",
	"lessThan": "84ec985944ef34a34a1605b93ce401aa8737af96",
	"status": "affected",
	"versionType": "git"
	}
	]
	},
	{
	"product": "Linux",
	"vendor": "Linux",
	"defaultStatus": "affected",
	"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
	"programFiles": [
	"drivers/cxl/core/pmem.c",
	"drivers/cxl/core/region.c",
	"drivers/cxl/cxl.h",
	"drivers/cxl/mem.c"
	],
	"versions": [
	{
	"version": "6.2",
	"status": "affected"
	},
	{
	"version": "0",
	"lessThan": "6.2",
	"status": "unaffected",
	"versionType": "semver"
	},
	{
	"version": "6.9.8",
	"lessThanOrEqual": "6.9.*",
	"status": "unaffected",
	"versionType": "semver"
	},
	{
	"version": "6.10",
	"lessThanOrEqual": "*",
	"status": "unaffected",
	"versionType": "original_commit_for_fix"
	}
	]
	}
	],
	"cpeApplicability": [
	{
	"nodes": [
	{
	"operator": "OR",
	"negate": false,
	"cpeMatch": [
	{
	"vulnerable": true,
	"criteria": "cpe:2.3:o:linux:linux_kernel::::::::",
	"versionStartIncluding": "6.2",
	"versionEndExcluding": "6.9.8"
	},
	{
	"vulnerable": true,
	"criteria": "cpe:2.3:o:linux:linux_kernel::::::::",
	"versionStartIncluding": "6.2",
	"versionEndExcluding": "6.10"
	}
	]
	}
	]
	}
	],
	"references": [
	{
	"url": "https://git.kernel.org/stable/c/1d064e4fbebcf5b18dc10c1f3973487eb163b600"
	},
	{
	"url": "https://git.kernel.org/stable/c/84ec985944ef34a34a1605b93ce401aa8737af96"
	}
	],
	"title": "cxl/mem: Fix no cxl_nvd during pmem region auto-assembling",
	"x_generator": {
	"engine": "bippy-1.2.0"
	}
	}
	},
	"cveMetadata": {
	"assignerOrgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038",
	"cveID": "CVE-2024-41085",
	"requesterUserId": "gregkh@kernel.org",
	"serial": "1",
	"state": "PUBLISHED"
	},
	"dataType": "CVE_RECORD",
	"dataVersion": "5.0"
	}