
Robert Richter

Researcher from AMD
#50356 of 53,633
4.7 Total CVSS
Vulnerabilities · 1
PT-2024-14735
4.7
2023-10-27
Linux · Linux Kernel · CVE-2023-52771
**Name of the Vulnerable Software and Affected Versions**
Linux kernel (affected versions not specified)

**Description**
The issue is related to the CXL subsystem in the Linux kernel, where a lineage of ports is established between an endpoint and the root of a CXL topology. When a port or memdev is removed, the hierarchy below it needs to come down. The delete_endpoint() callback checks whether it is tearing down the hierarchy or just the memdev. To fix the issue, two bugs need to be addressed: preventing use-after-free scenarios and correctly locking the parent device in RCH topologies. The fix involves taking the device_lock() of the endpoint's parent and using endpoint->dev.parent instead of @port->dev in certain cases.

**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.