In the Linux kernel, the following vulnerability has been resolved:

cxl/mem: Fix shutdown order

Ira reports that removing cxl_mock_mem causes a crash with the following
trace:

BUG: kernel NULL pointer dereference, address: 0000000000000044
[..]
RIP: 0010:cxl_region_decode_reset+0x7f/0x180 [cxl_core]
[..]
Call Trace:
<TASK>
cxl_region_detach+0xe8/0x210 [cxl_core]
cxl_decoder_kill_region+0x27/0x40 [cxl_core]
cxld_unregister+0x29/0x40 [cxl_core]
devres_release_all+0xb8/0x110
device_unbind_cleanup+0xe/0x70
device_release_driver_internal+0x1d2/0x210
bus_remove_device+0xd7/0x150
device_del+0x155/0x3e0
device_unregister+0x13/0x60
devm_release_action+0x4d/0x90
? __pfx_unregister_port+0x10/0x10 [cxl_core]
delete_endpoint+0x121/0x130 [cxl_core]
devres_release_all+0xb8/0x110
device_unbind_cleanup+0xe/0x70
device_release_driver_internal+0x1d2/0x210
bus_remove_device+0xd7/0x150
device_del+0x155/0x3e0
? lock_release+0x142/0x290
cdev_device_del+0x15/0x50
cxl_memdev_unregister+0x54/0x70 [cxl_core]

This crash is due to the clearing out the cxl_memdev's driver context
(@cxlds) before the subsystem is done with it. This is ultimately due to
the region(s), that this memdev is a member, being torn down and expecting
to be able to de-reference @cxlds, like here:

static int cxl_region_decode_reset(struct cxl_region *cxlr, int count)
...
if (cxlds->rcd)
goto endpoint_reset;
...

Fix it by keeping the driver context valid until memdev-device
unregistration, and subsequently the entire stack of related
dependencies, unwinds.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00022.

Exploitation none

Automatable no

Technical Impact partial

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions
Linux Linux unaffected
Version Status Constraints
9cc238c7a526dba9ee8c210fa2828886fc65db66 affected
< 20bd0198bebdd706bd4614b3933ef70d7c19618f
9cc238c7a526dba9ee8c210fa2828886fc65db66 affected
< 7c7371b41a14e86f53e7dbe5baa7b1d3e0ab324b
9cc238c7a526dba9ee8c210fa2828886fc65db66 affected
< cad22a757029c3a1985c221a2d4a6491ad4035ae
9cc238c7a526dba9ee8c210fa2828886fc65db66 affected
< 0ca074f7d788627a4e0b047ca5fbdb5fc567220c
9cc238c7a526dba9ee8c210fa2828886fc65db66 affected
< 88d3917f82ed4215a2154432c26de1480a61b209
964a9834492210f48b360baa9e20a9eedf4d08ff affected
Linux Linux affected
Version Status Constraints
5.15 affected
0 unaffected
< 5.15
5.15.139 unaffected
≤ 5.15.*
6.1.63 unaffected
≤ 6.1.*
6.5.12 unaffected
≤ 6.5.*
6.6.2 unaffected
≤ 6.6.*
6.7 unaffected
≤ *

Configuration 1 [-]

OR cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

No data.

No data.

Project Subscriptions

Vendors Products
Linux Subscribe
Linux Kernel Subscribe
Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References
Link Providers
https://git.kernel.org/stable/c/0ca074f7d788627a4e0b047ca5fbdb5fc567220c cve-icon cve-icon
https://git.kernel.org/stable/c/20bd0198bebdd706bd4614b3933ef70d7c19618f cve-icon cve-icon
https://git.kernel.org/stable/c/7c7371b41a14e86f53e7dbe5baa7b1d3e0ab324b cve-icon cve-icon
https://git.kernel.org/stable/c/88d3917f82ed4215a2154432c26de1480a61b209 cve-icon cve-icon
https://git.kernel.org/stable/c/cad22a757029c3a1985c221a2d4a6491ad4035ae cve-icon cve-icon
https://lore.kernel.org/linux-cve-announce/2024052114-CVE-2023-52849-b63f@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2023-52849 cve-icon
https://www.cve.org/CVERecord?id=CVE-2023-52849 cve-icon
History

Mon, 05 May 2025 08:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 30 Dec 2024 20:30:00 +0000

Type Values Removed Values Added
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
Metrics cvssV3_1

{'score': 4.4, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H'}

 cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

Projects

Sign in to view the affected projects.

cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2025-05-04T12:49:39.799Z

Reserved: 2024-05-21T15:19:24.255Z

Link: CVE-2023-52849

cve-icon Vulnrichment

Updated: 2024-08-02T23:11:35.944Z

cve-icon NVD

Status : Analyzed

Published: 2024-05-21T16:15:22.023

Modified: 2024-12-30T20:09:41.537

Link: CVE-2023-52849

cve-icon Redhat

Severity : Low

Publid Date: 2024-05-21T00:00:00Z

Links: CVE-2023-52849 - Bugzilla

cve-icon OpenCVE Enrichment

No data.

Weaknesses