{ "threat_severity" : "Low", "public_date" : "2024-07-29T00:00:00Z", "bugzilla" : { "description" : "kernel: cxl/mem: Fix no cxl_nvd during pmem region auto-assembling", "id" : "2300481", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2300481" }, "cvss3" : { "cvss3_base_score" : "5.5", "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status" : "verified" }, "cwe" : "CWE-476", "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\ncxl/mem: Fix no cxl_nvd during pmem region auto-assembling\nWhen CXL subsystem is auto-assembling a pmem region during cxl\nendpoint port probing, always hit below calltrace.\nBUG: kernel NULL pointer dereference, address: 0000000000000078\n#PF: supervisor read access in kernel mode\n#PF: error_code(0x0000) - not-present page\nRIP: 0010:cxl_pmem_region_probe+0x22e/0x360 [cxl_pmem]\nCall Trace:\n\n? __die+0x24/0x70\n? page_fault_oops+0x82/0x160\n? do_user_addr_fault+0x65/0x6b0\n? exc_page_fault+0x7d/0x170\n? asm_exc_page_fault+0x26/0x30\n? cxl_pmem_region_probe+0x22e/0x360 [cxl_pmem]\n? cxl_pmem_region_probe+0x1ac/0x360 [cxl_pmem]\ncxl_bus_probe+0x1b/0x60 [cxl_core]\nreally_probe+0x173/0x410\n? __pfx___device_attach_driver+0x10/0x10\n__driver_probe_device+0x80/0x170\ndriver_probe_device+0x1e/0x90\n__device_attach_driver+0x90/0x120\nbus_for_each_drv+0x84/0xe0\n__device_attach+0xbc/0x1f0\nbus_probe_device+0x90/0xa0\ndevice_add+0x51c/0x710\ndevm_cxl_add_pmem_region+0x1b5/0x380 [cxl_core]\ncxl_bus_probe+0x1b/0x60 [cxl_core]\nThe cxl_nvd of the memdev needs to be available during the pmem region\nprobe. Currently the cxl_nvd is registered after the endpoint port probe.\nThe endpoint probe, in the case of autoassembly of regions, can cause a\npmem region probe requiring the not yet available cxl_nvd. Adjust the\nsequence so this dependency is met.\nThis requires adding a port parameter to cxl_find_nvdimm_bridge() that\ncan be used to query the ancestor root port. The endpoint port is not\nyet available, but will share a common ancestor with its parent, so\nstart the query from there instead." ], "affected_release" : [ { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2024-11-12T00:00:00Z", "advisory" : "RHSA-2024:9315", "cpe" : "cpe:/a:redhat:enterprise_linux:9", "package" : "kernel-0:5.14.0-503.11.1.el9_5" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2024-11-12T00:00:00Z", "advisory" : "RHSA-2024:9315", "cpe" : "cpe:/o:redhat:enterprise_linux:9", "package" : "kernel-0:5.14.0-503.11.1.el9_5" } ], "package_state" : [ { "product_name" : "Red Hat Enterprise Linux 6", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:6" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Not affected", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Not affected", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Affected", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:9" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2024-41085\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-41085\nhttps://lore.kernel.org/linux-cve-announce/2024072951-CVE-2024-41085-9bbd@gregkh/T" ], "name" : "CVE-2024-41085", "csaw" : false }