Linux Kernel CXL Memory Device Reference Leak Vulnerability

A vulnerability in the Linux kernel's CXL (Compute Express Link) subsystem has been addressed, which involved a reference leak related to CXL memory devices. When a CXL NVDIMM (Non-Volatile Dual In-line Memory Module) object is removed, any associated memory regions must also be disabled. However, the driver only tracked one region per NVDIMM device, leading to leaks of other regions and references. The vulnerability has been fixed by enabling CXL NVDIMM objects to manage multiple region associations.

Impact

The vulnerability caused leaks of CXL memory device references, which could lead to improper resource management and potential exhaustion of available references.

Reproduction

The vulnerability can be reproduced by creating multiple regions on a single CXL NVDIMM device, then removing the device. Only the last enabled region is properly cleaned up, while others are leaked.