CVE-2023-54323

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A race condition exists in the CXL/PMEM subsystem during NVMe DIMM (NVDIMM) registration. Specifically, the issue occurs when the lower half of asynchronous NVDIMM device registration runs after the CXL context needed by the cxl pmem ctl() function has been torn down. This can lead to a kernel NULL pointer dereference, potentially causing a system crash. The vulnerability is triggered by repeatedly loading and unloading the cxl pci module. The cxl internal send cmd() function is involved in the crash signature. The issue is related to asynchronous registration paths in CXL, and providing a synchronous registration path can prevent the scenario.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.