Linux Kernel CXL Region Reference Leak Vulnerability

Vulnerability

A vulnerability in the Linux kernel's CXL (Compute Express Link) region management has been addressed. When a CXL region is deleted, any targets previously assigned to that region retain references to it. Because deleting the region also removes its sysfs interface, userspace loses the ability to detach those targets, so the references are never released and the region object leaks. The issue has been resolved by detaching all targets before the region is unregistered, which allows the region object to be properly cleaned up.
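The reference pattern described above, as an added example that is neither kernel code nor part of the original advisory: a user-space C model in which each attached target holds one reference on its region. All names (`region_put`, `target_attach`, `target_detach`, `region_delete`, `leaked_after_delete`) are hypothetical; the model compares deleting without detaching against detaching every target first.

```c
/* User-space model only: every name is hypothetical, none is kernel code. */
#include <stdio.h>
#include <stdlib.h>
#define MAX_TARGETS 4

struct target { struct region *region; };   /* back-pointer = held reference */
/* refcount: 1 for the registration plus 1 per attached target */
struct region { int refcount; struct target *targets[MAX_TARGETS]; };
static int live_regions;                    /* allocated and not yet freed */

static void region_put(struct region *r) {
    if (--r->refcount == 0) { free(r); live_regions--; }
}

static void target_attach(struct region *r, struct target *t, int slot) {
    r->targets[slot] = t;
    t->region = r;
    r->refcount++;                          /* the target now pins the region */
}

static void target_detach(struct region *r, int slot) {
    if (!r->targets[slot]) return;          /* nothing attached in this slot */
    r->targets[slot]->region = NULL;
    r->targets[slot] = NULL;
    region_put(r);                          /* release the target's reference */
}

/* detach_first=0: delete without detaching; 1: detach every target first. */
static void region_delete(struct region *r, int detach_first) {
    for (int i = 0; detach_first && i < MAX_TARGETS; i++)
        target_detach(r, i);
    region_put(r);                          /* drop the registration reference */
}

static int leaked_after_delete(int detach_first) {
    static struct target t[2];              /* two constructed sample targets */
    int before = live_regions;
    struct region *r = calloc(1, sizeof(*r));
    if (!r) return -1;
    r->refcount = 1;                        /* registration reference */
    live_regions++;
    for (int i = 0; i < 2; i++) target_attach(r, &t[i], i);
    region_delete(r, detach_first);
    return live_regions - before;           /* regions still allocated */
}

int main(void) {
    printf("%d %d\n", leaked_after_delete(0), leaked_after_delete(1));
    return 0;
}
```

In the model, the region deleted without detaching stays allocated with a reference count of 2 and nothing left that can drop it, which is the leak the advisory describes.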

Impact

The vulnerability could lead to a memory leak, where deleted CXL regions are not properly cleaned up, potentially causing increased memory usage over time.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 0.6
exploitability: 4.0
remediation: 0.0
relevance: 0.0
threat: 3.2
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.