{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2024-41085","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2024-07-12T12:17:45.634Z","datePublished":"2024-07-29T15:48:01.267Z","dateUpdated":"2025-05-04T09:21:45.066Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2025-05-04T09:21:45.066Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ncxl/mem: Fix no cxl_nvd during pmem region auto-assembling\n\nWhen CXL subsystem is auto-assembling a pmem region during cxl\nendpoint port probing, always hit below calltrace.\n\n BUG: kernel NULL pointer dereference, address: 0000000000000078\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n RIP: 0010:cxl_pmem_region_probe+0x22e/0x360 [cxl_pmem]\n Call Trace:\n  <TASK>\n  ? __die+0x24/0x70\n  ? page_fault_oops+0x82/0x160\n  ? do_user_addr_fault+0x65/0x6b0\n  ? exc_page_fault+0x7d/0x170\n  ? asm_exc_page_fault+0x26/0x30\n  ? cxl_pmem_region_probe+0x22e/0x360 [cxl_pmem]\n  ? cxl_pmem_region_probe+0x1ac/0x360 [cxl_pmem]\n  cxl_bus_probe+0x1b/0x60 [cxl_core]\n  really_probe+0x173/0x410\n  ? __pfx___device_attach_driver+0x10/0x10\n  __driver_probe_device+0x80/0x170\n  driver_probe_device+0x1e/0x90\n  __device_attach_driver+0x90/0x120\n  bus_for_each_drv+0x84/0xe0\n  __device_attach+0xbc/0x1f0\n  bus_probe_device+0x90/0xa0\n  device_add+0x51c/0x710\n  devm_cxl_add_pmem_region+0x1b5/0x380 [cxl_core]\n  cxl_bus_probe+0x1b/0x60 [cxl_core]\n\nThe cxl_nvd of the memdev needs to be available during the pmem region\nprobe. Currently the cxl_nvd is registered after the endpoint port probe.\nThe endpoint probe, in the case of autoassembly of regions, can cause a\npmem region probe requiring the not yet available cxl_nvd. Adjust the\nsequence so this dependency is met.\n\nThis requires adding a port parameter to cxl_find_nvdimm_bridge() that\ncan be used to query the ancestor root port. The endpoint port is not\nyet available, but will share a common ancestor with its parent, so\nstart the query from there instead."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/cxl/core/pmem.c","drivers/cxl/core/region.c","drivers/cxl/cxl.h","drivers/cxl/mem.c"],"versions":[{"version":"f17b558d6663101f876a1d9cbbad3de0c8f4ce4d","lessThan":"1d064e4fbebcf5b18dc10c1f3973487eb163b600","status":"affected","versionType":"git"},{"version":"f17b558d6663101f876a1d9cbbad3de0c8f4ce4d","lessThan":"84ec985944ef34a34a1605b93ce401aa8737af96","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/cxl/core/pmem.c","drivers/cxl/core/region.c","drivers/cxl/cxl.h","drivers/cxl/mem.c"],"versions":[{"version":"6.2","status":"affected"},{"version":"0","lessThan":"6.2","status":"unaffected","versionType":"semver"},{"version":"6.9.8","lessThanOrEqual":"6.9.*","status":"unaffected","versionType":"semver"},{"version":"6.10","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.9.8"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.10"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/1d064e4fbebcf5b18dc10c1f3973487eb163b600"},{"url":"https://git.kernel.org/stable/c/84ec985944ef34a34a1605b93ce401aa8737af96"}],"title":"cxl/mem: Fix no cxl_nvd during pmem region auto-assembling","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T04:46:52.323Z"},"title":"CVE Program Container","references":[{"url":"https://git.kernel.org/stable/c/1d064e4fbebcf5b18dc10c1f3973487eb163b600","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/84ec985944ef34a34a1605b93ce401aa8737af96","tags":["x_transferred"]}]},{"metrics":[{"other":{"type":"ssvc","content":{"id":"CVE-2024-41085","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"version":"2.0.3","timestamp":"2024-09-10T16:20:52.180696Z"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-09-11T17:33:58.962Z"}}]}}