PT-2025-44379 · Linux+2 · Linux Kernel+2

Published 2025-10-13 · Updated 2026-03-07 · CVE-2025-40089

CVSS v2.0: 4.6 Medium

Vector: AV:L/AC:L/Au:S/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to 6.17.0dj

Description

The Linux kernel contains a flaw in the cxl/features component. Specifically, the cxl_feature_info() function may be called with a NULL pointer when hardware does not support features, potentially leading to a kernel NULL pointer dereference. This occurs when cxl EDAC attempts to retrieve feature information and cxlfs is passed as NULL due to a lack of hardware support. A check has been added to prevent dereferencing cxlfs and return an error if no cxlfs is created.

Recommendations

Update to Linux kernel version 6.17.0dj or later.

Exploit

Fix

NULL Pointer Dereference

Weakness Enumeration

Related Identifiers

BDU:2026-03985
CVE-2025-40089
OPENSUSE-SU-2025:15702-1
OPENSUSE-SU-2026:10301-1
USN-8029-1
USN-8029-2
USN-8029-3
USN-8030-1
USN-8048-1

Affected Products

Linuxmint
Linux Kernel
Ubuntu