In the Linux kernel, the following vulnerability has been resolved:
cxl/mem: Fix no cxl_nvd during pmem region auto-assembling
When the CXL subsystem auto-assembles a pmem region during CXL endpoint port probing, it always hits the call trace below.
BUG: kernel NULL pointer dereference, address: 0000000000000078
#PF: supervisor read access in kernel mode
#PF: error_code(0x0000) - not-present page
RIP: 0010:cxl_pmem_region_probe+0x22e/0x360 [cxl_pmem]
Call Trace:
 <TASK>
 ? __die+0x24/0x70
 ? page_fault_oops+0x82/0x160
 ? do_user_addr_fault+0x65/0x6b0
 ? exc_page_fault+0x7d/0x170
 ? asm_exc_page_fault+0x26/0x30
 ? cxl_pmem_region_probe+0x22e/0x360 [cxl_pmem]
 ? cxl_pmem_region_probe+0x1ac/0x360 [cxl_pmem]
 cxl_bus_probe+0x1b/0x60 [cxl_core]
 really_probe+0x173/0x410
 ? __pfx___device_attach_driver+0x10/0x10
 __driver_probe_device+0x80/0x170
 driver_probe_device+0x1e/0x90
 __device_attach_driver+0x90/0x120
 bus_for_each_drv+0x84/0xe0
 __device_attach+0xbc/0x1f0
 bus_probe_device+0x90/0xa0
 device_add+0x51c/0x710
 devm_cxl_add_pmem_region+0x1b5/0x380 [cxl_core]
 cxl_bus_probe+0x1b/0x60 [cxl_core]
The cxl_nvd of the memdev needs to be available during the pmem region probe. Currently the cxl_nvd is registered after the endpoint port probe. The endpoint probe, in the case of auto-assembly of regions, can cause a pmem region probe requiring the not-yet-available cxl_nvd. Adjust the sequence so this dependency is met.
This requires adding a port parameter to cxl_find_nvdimm_bridge() that can be used to query the ancestor root port. The endpoint port is not yet available, but will share a common ancestor with its parent, so start the query from there instead.
{ "vanir_signatures": [ { "deprecated": false, "id": "CVE-2024-41085-1ef5868a", "target": { "file": "drivers/cxl/mem.c", "function": "cxl_mem_probe" }, "signature_version": "v1", "digest": { "function_hash": "239222672556732926929802963267530333920", "length": 1595.0 }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@1d064e4fbebcf5b18dc10c1f3973487eb163b600", "signature_type": "Function" }, { "deprecated": false, "id": "CVE-2024-41085-21f3b580", "target": { "file": "drivers/cxl/mem.c" }, "signature_version": "v1", "digest": { "line_hashes": [ "309123740332088486046097802553425858820", "182413631775720135898389319113129501859", "4346425365444604260715026180633971902", "128342013462427301512204475500567264144", "210432617798344187903220927268320886228", "144129660903611565684027532719127686231", "115311398132946145927282984122403649863", "160304077121955186487143781050757096358", "168188421807942650230260942373732270956", "176094456351430682053832599116363570014", "115232739030941804192056722520187990388", "202766974195884564950257705639115726267", "286404531495727043387630818403811959829" ], "threshold": 0.9 }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@1d064e4fbebcf5b18dc10c1f3973487eb163b600", "signature_type": "Line" }, { "deprecated": false, "id": "CVE-2024-41085-3e21bfe9", "target": { "file": "drivers/cxl/core/region.c", "function": "cxl_pmem_region_alloc" }, "signature_version": "v1", "digest": { "function_hash": "226253506362491571129162559611772621316", "length": 1236.0 }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@1d064e4fbebcf5b18dc10c1f3973487eb163b600", "signature_type": "Function" }, { "deprecated": false, "id": "CVE-2024-41085-48d2e2f2", "target": { "file": "drivers/cxl/core/pmem.c" }, "signature_version": "v1", "digest": { "line_hashes": [ "58500011797587469053638473516908435524", "92522823466643405565266192946759305920", 
"184358585476143861403975915473183992518", "248206145418433585638848921433540165169", "27818452189264186894824144351718127796", "124577264931906903638665888915196676496", "222707368431710411438681133200682964486", "194207416066738061499266579432700092272", "329931221797473408655052028572907359030", "10208248443944626433318531280257200412", "153935828026020702679265212079289635493", "23002797599179316859560156320645529901", "329038241805694769135610943830084213299", "123346280760940344372299455763664588752", "165972352926091240837521045360523430471", "107885255498724221625395829046115481672", "25550249485158302426258062410802937100" ], "threshold": 0.9 }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@1d064e4fbebcf5b18dc10c1f3973487eb163b600", "signature_type": "Line" }, { "deprecated": false, "id": "CVE-2024-41085-4968069c", "target": { "file": "drivers/cxl/core/pmem.c", "function": "cxl_find_nvdimm_bridge" }, "signature_version": "v1", "digest": { "function_hash": "240942162548891081914095258883144761574", "length": 276.0 }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@1d064e4fbebcf5b18dc10c1f3973487eb163b600", "signature_type": "Function" }, { "deprecated": false, "id": "CVE-2024-41085-4a455d05", "target": { "file": "drivers/cxl/core/pmem.c" }, "signature_version": "v1", "digest": { "line_hashes": [ "58500011797587469053638473516908435524", "92522823466643405565266192946759305920", "184358585476143861403975915473183992518", "248206145418433585638848921433540165169", "27818452189264186894824144351718127796", "124577264931906903638665888915196676496", "222707368431710411438681133200682964486", "194207416066738061499266579432700092272", "329931221797473408655052028572907359030", "10208248443944626433318531280257200412", "153935828026020702679265212079289635493", "23002797599179316859560156320645529901", "329038241805694769135610943830084213299", "123346280760940344372299455763664588752", 
"165972352926091240837521045360523430471", "107885255498724221625395829046115481672", "25550249485158302426258062410802937100" ], "threshold": 0.9 }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@84ec985944ef34a34a1605b93ce401aa8737af96", "signature_type": "Line" }, { "deprecated": false, "id": "CVE-2024-41085-54c0b204", "target": { "file": "drivers/cxl/cxl.h" }, "signature_version": "v1", "digest": { "line_hashes": [ "261676917608474206071665971849058559690", "5867601117907642265330956042567441232", "165133301491369443257566705872530558528", "1584694379002965733226063405997474544", "257367570499306086252759664412718866463" ], "threshold": 0.9 }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@84ec985944ef34a34a1605b93ce401aa8737af96", "signature_type": "Line" }, { "deprecated": false, "id": "CVE-2024-41085-5c7f76b3", "target": { "file": "drivers/cxl/mem.c", "function": "cxl_mem_probe" }, "signature_version": "v1", "digest": { "function_hash": "239222672556732926929802963267530333920", "length": 1595.0 }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@84ec985944ef34a34a1605b93ce401aa8737af96", "signature_type": "Function" }, { "deprecated": false, "id": "CVE-2024-41085-60839d57", "target": { "file": "drivers/cxl/core/pmem.c", "function": "devm_cxl_add_nvdimm" }, "signature_version": "v1", "digest": { "function_hash": "83692375406226107876825500140906998710", "length": 669.0 }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@1d064e4fbebcf5b18dc10c1f3973487eb163b600", "signature_type": "Function" }, { "deprecated": false, "id": "CVE-2024-41085-6b7ad680", "target": { "file": "drivers/cxl/core/region.c" }, "signature_version": "v1", "digest": { "line_hashes": [ "118159601991038901917106815519936138379", "47769331761139572837637851682105587866", "211002372828770988568884588857634547645", "205321511272318588516641945696997629663" ], "threshold": 0.9 }, 
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@1d064e4fbebcf5b18dc10c1f3973487eb163b600", "signature_type": "Line" }, { "deprecated": false, "id": "CVE-2024-41085-7a8c73e1", "target": { "file": "drivers/cxl/core/pmem.c", "function": "cxl_find_nvdimm_bridge" }, "signature_version": "v1", "digest": { "function_hash": "240942162548891081914095258883144761574", "length": 276.0 }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@84ec985944ef34a34a1605b93ce401aa8737af96", "signature_type": "Function" }, { "deprecated": false, "id": "CVE-2024-41085-8733e65d", "target": { "file": "drivers/cxl/cxl.h" }, "signature_version": "v1", "digest": { "line_hashes": [ "261676917608474206071665971849058559690", "5867601117907642265330956042567441232", "165133301491369443257566705872530558528", "1584694379002965733226063405997474544", "257367570499306086252759664412718866463" ], "threshold": 0.9 }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@1d064e4fbebcf5b18dc10c1f3973487eb163b600", "signature_type": "Line" }, { "deprecated": false, "id": "CVE-2024-41085-88c7f74d", "target": { "file": "drivers/cxl/core/region.c" }, "signature_version": "v1", "digest": { "line_hashes": [ "118159601991038901917106815519936138379", "47769331761139572837637851682105587866", "211002372828770988568884588857634547645", "205321511272318588516641945696997629663" ], "threshold": 0.9 }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@84ec985944ef34a34a1605b93ce401aa8737af96", "signature_type": "Line" }, { "deprecated": false, "id": "CVE-2024-41085-89ee93d1", "target": { "file": "drivers/cxl/core/region.c", "function": "cxl_pmem_region_alloc" }, "signature_version": "v1", "digest": { "function_hash": "226253506362491571129162559611772621316", "length": 1236.0 }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@84ec985944ef34a34a1605b93ce401aa8737af96", "signature_type": 
"Function" }, { "deprecated": false, "id": "CVE-2024-41085-bf709938", "target": { "file": "drivers/cxl/mem.c" }, "signature_version": "v1", "digest": { "line_hashes": [ "309123740332088486046097802553425858820", "182413631775720135898389319113129501859", "4346425365444604260715026180633971902", "128342013462427301512204475500567264144", "210432617798344187903220927268320886228", "144129660903611565684027532719127686231", "115311398132946145927282984122403649863", "160304077121955186487143781050757096358", "168188421807942650230260942373732270956", "176094456351430682053832599116363570014", "115232739030941804192056722520187990388", "202766974195884564950257705639115726267", "286404531495727043387630818403811959829" ], "threshold": 0.9 }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@84ec985944ef34a34a1605b93ce401aa8737af96", "signature_type": "Line" }, { "deprecated": false, "id": "CVE-2024-41085-fe0e064b", "target": { "file": "drivers/cxl/core/pmem.c", "function": "devm_cxl_add_nvdimm" }, "signature_version": "v1", "digest": { "function_hash": "83692375406226107876825500140906998710", "length": 669.0 }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@84ec985944ef34a34a1605b93ce401aa8737af96", "signature_type": "Function" } ] }