Linux Kernel CXL Guest Initialization Null Pointer Dereference Vulnerability

A vulnerability in the Linux kernel's CXL (Compute Express Link) guest initialization process can lead to a null pointer dereference. This issue arises in the 'cxl_guest_init_afu' and 'cxl_guest_init_adapter' functions within the CXL guest driver. When the 'device_register' function fails, the corresponding device is not properly added, and the 'device_unregister' function cannot be called without causing a null pointer dereference. The error handling has been updated to prevent this issue by using 'put_device' to release the device reference in case of a registration failure.

Impact

Exploitation of this vulnerability can lead to a null pointer dereference, causing a crash or undefined behavior in the system.

Reproduction

The vulnerability can be reproduced by attempting to register a CXL adapter or AFU (Accelerator Function Unit) in a guest environment when the 'device_register' call fails. This failure can be simulated by introducing an error in the registration process, which will prevent the device from being added. As a result, the subsequent 'device_unregister' call will attempt to remove a device that was never added, leading to a null pointer dereference.

Remediation

The vulnerability has been addressed in the official Linux kernel repository. Users can upgrade to the latest version of the Linux kernel to apply the necessary fix.