{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2024-26761","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2024-02-19T14:20:24.171Z","datePublished":"2024-04-03T17:00:44.934Z","dateUpdated":"2025-05-04T08:55:54.672Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2025-05-04T08:55:54.672Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ncxl/pci: Fix disabling memory if DVSEC CXL Range does not match a CFMWS window\n\nThe Linux CXL subsystem is built on the assumption that HPA == SPA.\nThat is, the host physical address (HPA) the HDM decoder registers are\nprogrammed with are system physical addresses (SPA).\n\nDuring HDM decoder setup, the DVSEC CXL range registers (cxl-3.1,\n8.1.3.8) are checked if the memory is enabled and the CXL range is in\na HPA window that is described in a CFMWS structure of the CXL host\nbridge (cxl-3.1, 9.18.1.3).\n\nNow, if the HPA is not an SPA, the CXL range does not match a CFMWS\nwindow and the CXL memory range will be disabled then. The HDM decoder\nstops working which causes system memory being disabled and further a\nsystem hang during HDM decoder initialization, typically when a CXL\nenabled kernel boots.\n\nPrevent a system hang and do not disable the HDM decoder if the\ndecoder's CXL range is not found in a CFMWS window.\n\nNote the change only fixes a hardware hang, but does not implement\nHPA/SPA translation. Support for this can be added in a follow on\npatch series."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/cxl/core/pci.c"],"versions":[{"version":"34e37b4c432cd0f1842b352fde4b8878b4166888","lessThan":"031217128990d7f0ab8c46db1afb3cf1e075fd29","status":"affected","versionType":"git"},{"version":"34e37b4c432cd0f1842b352fde4b8878b4166888","lessThan":"2cc1a530ab31c65b52daf3cb5d0883c8b614ea69","status":"affected","versionType":"git"},{"version":"34e37b4c432cd0f1842b352fde4b8878b4166888","lessThan":"3a3181a71935774bda2398451256d7441426420b","status":"affected","versionType":"git"},{"version":"34e37b4c432cd0f1842b352fde4b8878b4166888","lessThan":"0cab687205986491302cd2e440ef1d253031c221","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/cxl/core/pci.c"],"versions":[{"version":"5.19","status":"affected"},{"version":"0","lessThan":"5.19","status":"unaffected","versionType":"semver"},{"version":"6.1.80","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.6.19","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.7.7","lessThanOrEqual":"6.7.*","status":"unaffected","versionType":"semver"},{"version":"6.8","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.19","versionEndExcluding":"6.1.80"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.19","versionEndExcluding":"6.6.19"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.19","versionEndExcluding":"6.7.7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.19","versionEndExcluding":"6.8"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/031217128990d7f0ab8c46db1afb3cf1e075fd29"},{"url":"https://git.kernel.org/stable/c/2cc1a530ab31c65b52daf3cb5d0883c8b614ea69"},{"url":"https://git.kernel.org/stable/c/3a3181a71935774bda2398451256d7441426420b"},{"url":"https://git.kernel.org/stable/c/0cab687205986491302cd2e440ef1d253031c221"}],"title":"cxl/pci: Fix disabling memory if DVSEC CXL Range does not match a CFMWS window","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"title":"CISA ADP Vulnrichment","metrics":[{"other":{"type":"ssvc","content":{"id":"CVE-2024-26761","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"version":"2.0.3","timestamp":"2024-04-03T18:38:51.943125Z"}}}],"providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-06-04T17:48:31.762Z"}},{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T00:14:13.361Z"},"title":"CVE Program Container","references":[{"url":"https://git.kernel.org/stable/c/031217128990d7f0ab8c46db1afb3cf1e075fd29","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/2cc1a530ab31c65b52daf3cb5d0883c8b614ea69","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/3a3181a71935774bda2398451256d7441426420b","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/0cab687205986491302cd2e440ef1d253031c221","tags":["x_transferred"]}]}]}}