CVE-2026-23348

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The Linux kernel contains a flaw related to the handling of Non-Volatile DIMM (NVDIMM) objects within the cxl (Coherent Accelerator Interface) subsystem. A race condition can occur during the creation of NVDIMM objects, specifically when the cxl translate module depends on cxl acpi. This dependency can lead to orphaned NVDIMM objects being reprobed after cxl acpi is removed, resulting in a NULL pointer dereference when accessing the dev->parent pointer, which points to the missing nvdimm bus. This issue was identified during unit testing with cxl-translate.sh and can be consistently reproduced with a short delay. The fix involves ensuring synchronous probing of the cxl nvb driver, validating the nvdimm bus during device attachment, acquiring appropriate locks, and invalidating cxl nvdimm flags to prevent further issues. The removal of cxl nvdimm devices is intended to prevent orphaned devices from probing after the nvdimm bus is gone.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.