Ira Weiny

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A deadlock scenario has been identified in the Linux kernel related to nvdimm (non-volatile dual in-line memory module) firmware activation. The issue arises from the locking mechanism used to protect against unregistration and simultaneous operations. Specifically, the `nvdimm bus lock()` is held over `hibernate quiet exec()`, which walks the system device topology and takes `device lock()` along the way. This can lead to a deadlock scenario involving the `system transition mutex` and `reconfig mutex`. Another deadlock scenario involves the `acpi scan lock` and `cxl root key`. The issue stems from redundant lock usage, which can be deleted to prevent the deadlock. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue is related to a NULL pointer dereference in the cxl/mem component of the Linux kernel. This occurs when the `cxl memdev unregister()` function is called, leading to a crash. The problem arises from the clearing of the `cxl memdev` driver context (`@cxlds`) before the subsystem is done using it, specifically when the region that the memdev is a part of is being torn down. The fix involves keeping the driver context valid until the memdev-device unregistration and the subsequent unwinding of related dependencies. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.