5.5
MEDIUM
CVE-2023-52849
Linux CXL Core: Kernel NULL Pointer Dereference in cxl_region_decode_reset
Description

In the Linux kernel, the following vulnerability has been resolved: cxl/mem: Fix shutdown order Ira reports that removing cxl_mock_mem causes a crash with the following trace: BUG: kernel NULL pointer dereference, address: 0000000000000044 [..] RIP: 0010:cxl_region_decode_reset+0x7f/0x180 [cxl_core] [..] Call Trace: <TASK> cxl_region_detach+0xe8/0x210 [cxl_core] cxl_decoder_kill_region+0x27/0x40 [cxl_core] cxld_unregister+0x29/0x40 [cxl_core] devres_release_all+0xb8/0x110 device_unbind_cleanup+0xe/0x70 device_release_driver_internal+0x1d2/0x210 bus_remove_device+0xd7/0x150 device_del+0x155/0x3e0 device_unregister+0x13/0x60 devm_release_action+0x4d/0x90 ? __pfx_unregister_port+0x10/0x10 [cxl_core] delete_endpoint+0x121/0x130 [cxl_core] devres_release_all+0xb8/0x110 device_unbind_cleanup+0xe/0x70 device_release_driver_internal+0x1d2/0x210 bus_remove_device+0xd7/0x150 device_del+0x155/0x3e0 ? lock_release+0x142/0x290 cdev_device_del+0x15/0x50 cxl_memdev_unregister+0x54/0x70 [cxl_core] This crash is due to the clearing out the cxl_memdev's driver context (@cxlds) before the subsystem is done with it. This is ultimately due to the region(s), that this memdev is a member, being torn down and expecting to be able to de-reference @cxlds, like here: static int cxl_region_decode_reset(struct cxl_region *cxlr, int count) ... if (cxlds->rcd) goto endpoint_reset; ... Fix it by keeping the driver context valid until memdev-device unregistration, and subsequently the entire stack of related dependencies, unwinds.

INFO

Published Date :

May 21, 2024, 4:15 p.m.

Last Modified :

Dec. 30, 2024, 8:09 p.m.

Source :

416baaa9-dc9f-4396-8d5f-8c081fb06d67

Remotely Exploitable :

No

Impact Score :

3.6

Exploitability Score :

1.8
Affected Products

The following products are affected by CVE-2023-52849 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product Action
1 Linux linux_kernel
: Total Affected Vendor : 1 | Products : 1
References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2023-52849.

URL Resource
https://git.kernel.org/stable/c/0ca074f7d788627a4e0b047ca5fbdb5fc567220c Patch
https://git.kernel.org/stable/c/20bd0198bebdd706bd4614b3933ef70d7c19618f Patch
https://git.kernel.org/stable/c/7c7371b41a14e86f53e7dbe5baa7b1d3e0ab324b Patch
https://git.kernel.org/stable/c/88d3917f82ed4215a2154432c26de1480a61b209 Patch
https://git.kernel.org/stable/c/cad22a757029c3a1985c221a2d4a6491ad4035ae Patch
https://git.kernel.org/stable/c/0ca074f7d788627a4e0b047ca5fbdb5fc567220c Patch
https://git.kernel.org/stable/c/20bd0198bebdd706bd4614b3933ef70d7c19618f Patch
https://git.kernel.org/stable/c/7c7371b41a14e86f53e7dbe5baa7b1d3e0ab324b Patch
https://git.kernel.org/stable/c/88d3917f82ed4215a2154432c26de1480a61b209 Patch
https://git.kernel.org/stable/c/cad22a757029c3a1985c221a2d4a6491ad4035ae Patch

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2023-52849 vulnerability anywhere in the article.

The following table lists the changes that have been made to the CVE-2023-52849 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • Initial Analysis by [email protected]

    Dec. 30, 2024

    Action Type Old Value New Value
    Added CVSS V3.1 NIST AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
    Added CWE NIST CWE-476
    Added CPE Configuration OR *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.14.8 up to (excluding) 5.15.139 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.16 up to (excluding) 6.1.63 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.2 up to (excluding) 6.5.12 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.6 up to (excluding) 6.6.2
    Changed Reference Type https://git.kernel.org/stable/c/0ca074f7d788627a4e0b047ca5fbdb5fc567220c No Types Assigned https://git.kernel.org/stable/c/0ca074f7d788627a4e0b047ca5fbdb5fc567220c Patch
    Changed Reference Type https://git.kernel.org/stable/c/0ca074f7d788627a4e0b047ca5fbdb5fc567220c No Types Assigned https://git.kernel.org/stable/c/0ca074f7d788627a4e0b047ca5fbdb5fc567220c Patch
    Changed Reference Type https://git.kernel.org/stable/c/20bd0198bebdd706bd4614b3933ef70d7c19618f No Types Assigned https://git.kernel.org/stable/c/20bd0198bebdd706bd4614b3933ef70d7c19618f Patch
    Changed Reference Type https://git.kernel.org/stable/c/20bd0198bebdd706bd4614b3933ef70d7c19618f No Types Assigned https://git.kernel.org/stable/c/20bd0198bebdd706bd4614b3933ef70d7c19618f Patch
    Changed Reference Type https://git.kernel.org/stable/c/7c7371b41a14e86f53e7dbe5baa7b1d3e0ab324b No Types Assigned https://git.kernel.org/stable/c/7c7371b41a14e86f53e7dbe5baa7b1d3e0ab324b Patch
    Changed Reference Type https://git.kernel.org/stable/c/7c7371b41a14e86f53e7dbe5baa7b1d3e0ab324b No Types Assigned https://git.kernel.org/stable/c/7c7371b41a14e86f53e7dbe5baa7b1d3e0ab324b Patch
    Changed Reference Type https://git.kernel.org/stable/c/88d3917f82ed4215a2154432c26de1480a61b209 No Types Assigned https://git.kernel.org/stable/c/88d3917f82ed4215a2154432c26de1480a61b209 Patch
    Changed Reference Type https://git.kernel.org/stable/c/88d3917f82ed4215a2154432c26de1480a61b209 No Types Assigned https://git.kernel.org/stable/c/88d3917f82ed4215a2154432c26de1480a61b209 Patch
    Changed Reference Type https://git.kernel.org/stable/c/cad22a757029c3a1985c221a2d4a6491ad4035ae No Types Assigned https://git.kernel.org/stable/c/cad22a757029c3a1985c221a2d4a6491ad4035ae Patch
    Changed Reference Type https://git.kernel.org/stable/c/cad22a757029c3a1985c221a2d4a6491ad4035ae No Types Assigned https://git.kernel.org/stable/c/cad22a757029c3a1985c221a2d4a6491ad4035ae Patch
  • CVE Modified by af854a3a-2127-422b-91ae-364da2661108

    Nov. 21, 2024

    Action Type Old Value New Value
    Added Reference https://git.kernel.org/stable/c/0ca074f7d788627a4e0b047ca5fbdb5fc567220c
    Added Reference https://git.kernel.org/stable/c/20bd0198bebdd706bd4614b3933ef70d7c19618f
    Added Reference https://git.kernel.org/stable/c/7c7371b41a14e86f53e7dbe5baa7b1d3e0ab324b
    Added Reference https://git.kernel.org/stable/c/88d3917f82ed4215a2154432c26de1480a61b209
    Added Reference https://git.kernel.org/stable/c/cad22a757029c3a1985c221a2d4a6491ad4035ae
  • CVE Modified by 416baaa9-dc9f-4396-8d5f-8c081fb06d67

    May. 29, 2024

    Action Type Old Value New Value
  • CVE Received by 416baaa9-dc9f-4396-8d5f-8c081fb06d67

    May. 21, 2024

    Action Type Old Value New Value
    Added Description In the Linux kernel, the following vulnerability has been resolved: cxl/mem: Fix shutdown order Ira reports that removing cxl_mock_mem causes a crash with the following trace: BUG: kernel NULL pointer dereference, address: 0000000000000044 [..] RIP: 0010:cxl_region_decode_reset+0x7f/0x180 [cxl_core] [..] Call Trace: <TASK> cxl_region_detach+0xe8/0x210 [cxl_core] cxl_decoder_kill_region+0x27/0x40 [cxl_core] cxld_unregister+0x29/0x40 [cxl_core] devres_release_all+0xb8/0x110 device_unbind_cleanup+0xe/0x70 device_release_driver_internal+0x1d2/0x210 bus_remove_device+0xd7/0x150 device_del+0x155/0x3e0 device_unregister+0x13/0x60 devm_release_action+0x4d/0x90 ? __pfx_unregister_port+0x10/0x10 [cxl_core] delete_endpoint+0x121/0x130 [cxl_core] devres_release_all+0xb8/0x110 device_unbind_cleanup+0xe/0x70 device_release_driver_internal+0x1d2/0x210 bus_remove_device+0xd7/0x150 device_del+0x155/0x3e0 ? lock_release+0x142/0x290 cdev_device_del+0x15/0x50 cxl_memdev_unregister+0x54/0x70 [cxl_core] This crash is due to the clearing out the cxl_memdev's driver context (@cxlds) before the subsystem is done with it. This is ultimately due to the region(s), that this memdev is a member, being torn down and expecting to be able to de-reference @cxlds, like here: static int cxl_region_decode_reset(struct cxl_region *cxlr, int count) ... if (cxlds->rcd) goto endpoint_reset; ... Fix it by keeping the driver context valid until memdev-device unregistration, and subsequently the entire stack of related dependencies, unwinds.
    Added Reference kernel.org https://git.kernel.org/stable/c/20bd0198bebdd706bd4614b3933ef70d7c19618f [No types assigned]
    Added Reference kernel.org https://git.kernel.org/stable/c/7c7371b41a14e86f53e7dbe5baa7b1d3e0ab324b [No types assigned]
    Added Reference kernel.org https://git.kernel.org/stable/c/cad22a757029c3a1985c221a2d4a6491ad4035ae [No types assigned]
    Added Reference kernel.org https://git.kernel.org/stable/c/0ca074f7d788627a4e0b047ca5fbdb5fc567220c [No types assigned]
    Added Reference kernel.org https://git.kernel.org/stable/c/88d3917f82ed4215a2154432c26de1480a61b209 [No types assigned]
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2023-52849 is associated with the following CWEs:

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2023-52849 weaknesses.

CVSS31 - Vulnerability Scoring System
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
:
© cvefeed.io
Latest DB Update: May. 14, 2025 18:58