{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2023-52849","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2024-05-21T15:19:24.255Z","datePublished":"2024-05-21T15:31:45.884Z","dateUpdated":"2025-05-04T12:49:39.799Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2025-05-04T12:49:39.799Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ncxl/mem: Fix shutdown order\n\nIra reports that removing cxl_mock_mem causes a crash with the following\ntrace:\n\n BUG: kernel NULL pointer dereference, address: 0000000000000044\n [..]\n RIP: 0010:cxl_region_decode_reset+0x7f/0x180 [cxl_core]\n [..]\n Call Trace:\n  <TASK>\n  cxl_region_detach+0xe8/0x210 [cxl_core]\n  cxl_decoder_kill_region+0x27/0x40 [cxl_core]\n  cxld_unregister+0x29/0x40 [cxl_core]\n  devres_release_all+0xb8/0x110\n  device_unbind_cleanup+0xe/0x70\n  device_release_driver_internal+0x1d2/0x210\n  bus_remove_device+0xd7/0x150\n  device_del+0x155/0x3e0\n  device_unregister+0x13/0x60\n  devm_release_action+0x4d/0x90\n  ? __pfx_unregister_port+0x10/0x10 [cxl_core]\n  delete_endpoint+0x121/0x130 [cxl_core]\n  devres_release_all+0xb8/0x110\n  device_unbind_cleanup+0xe/0x70\n  device_release_driver_internal+0x1d2/0x210\n  bus_remove_device+0xd7/0x150\n  device_del+0x155/0x3e0\n  ? lock_release+0x142/0x290\n  cdev_device_del+0x15/0x50\n  cxl_memdev_unregister+0x54/0x70 [cxl_core]\n\nThis crash is due to the clearing out the cxl_memdev's driver context\n(@cxlds) before the subsystem is done with it. This is ultimately due to\nthe region(s), that this memdev is a member, being torn down and expecting\nto be able to de-reference @cxlds, like here:\n\nstatic int cxl_region_decode_reset(struct cxl_region *cxlr, int count)\n...\n                if (cxlds->rcd)\n                        goto endpoint_reset;\n...\n\nFix it by keeping the driver context valid until memdev-device\nunregistration, and subsequently the entire stack of related\ndependencies, unwinds."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/cxl/core/memdev.c"],"versions":[{"version":"9cc238c7a526dba9ee8c210fa2828886fc65db66","lessThan":"20bd0198bebdd706bd4614b3933ef70d7c19618f","status":"affected","versionType":"git"},{"version":"9cc238c7a526dba9ee8c210fa2828886fc65db66","lessThan":"7c7371b41a14e86f53e7dbe5baa7b1d3e0ab324b","status":"affected","versionType":"git"},{"version":"9cc238c7a526dba9ee8c210fa2828886fc65db66","lessThan":"cad22a757029c3a1985c221a2d4a6491ad4035ae","status":"affected","versionType":"git"},{"version":"9cc238c7a526dba9ee8c210fa2828886fc65db66","lessThan":"0ca074f7d788627a4e0b047ca5fbdb5fc567220c","status":"affected","versionType":"git"},{"version":"9cc238c7a526dba9ee8c210fa2828886fc65db66","lessThan":"88d3917f82ed4215a2154432c26de1480a61b209","status":"affected","versionType":"git"},{"version":"964a9834492210f48b360baa9e20a9eedf4d08ff","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/cxl/core/memdev.c"],"versions":[{"version":"5.15","status":"affected"},{"version":"0","lessThan":"5.15","status":"unaffected","versionType":"semver"},{"version":"5.15.139","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"6.1.63","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.5.12","lessThanOrEqual":"6.5.*","status":"unaffected","versionType":"semver"},{"version":"6.6.2","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.7","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.15","versionEndExcluding":"5.15.139"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.15","versionEndExcluding":"6.1.63"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.15","versionEndExcluding":"6.5.12"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.15","versionEndExcluding":"6.6.2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.15","versionEndExcluding":"6.7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.14.8"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/20bd0198bebdd706bd4614b3933ef70d7c19618f"},{"url":"https://git.kernel.org/stable/c/7c7371b41a14e86f53e7dbe5baa7b1d3e0ab324b"},{"url":"https://git.kernel.org/stable/c/cad22a757029c3a1985c221a2d4a6491ad4035ae"},{"url":"https://git.kernel.org/stable/c/0ca074f7d788627a4e0b047ca5fbdb5fc567220c"},{"url":"https://git.kernel.org/stable/c/88d3917f82ed4215a2154432c26de1480a61b209"}],"title":"cxl/mem: Fix shutdown order","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-06-10T19:16:24.136793Z","id":"CVE-2023-52849","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-06-10T19:16:37.413Z"}},{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T23:11:35.944Z"},"title":"CVE Program Container","references":[{"url":"https://git.kernel.org/stable/c/20bd0198bebdd706bd4614b3933ef70d7c19618f","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/7c7371b41a14e86f53e7dbe5baa7b1d3e0ab324b","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/cad22a757029c3a1985c221a2d4a6491ad4035ae","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/0ca074f7d788627a4e0b047ca5fbdb5fc567220c","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/88d3917f82ed4215a2154432c26de1480a61b209","tags":["x_transferred"]}]}]}}