CVE-2023-52849

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The issue is related to a NULL pointer dereference in the cxl/mem component of the Linux kernel. This occurs when the cxl memdev unregister() function is called, leading to a crash. The problem arises from the clearing of the cxl memdev driver context (@cxlds) before the subsystem is done using it, specifically when the region that the memdev is a part of is being torn down. The fix involves keeping the driver context valid until the memdev-device unregistration and the subsequent unwinding of related dependencies.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.