Volerion logoVolerion
Volerion logoVolerion

Linux Kernel CXL/PMEM NVDIMM Registration Race Condition Vulnerability

Vulnerability

A race condition vulnerability in the Linux kernel's CXL/PMEM component can lead to a NULL pointer dereference. This issue occurs during the asynchronous registration of NVDIMM devices, where the CXL context required by the 'cxl_pmem_ctl' function has already been torn down, causing a crash. The vulnerability affects the Linux kernel's stable releases.

Impact

Exploitation of this vulnerability causes a kernel crash due to a NULL pointer dereference, disrupting system operations and potentially leading to a denial of service.

Reproduction

The vulnerability can be reproduced by loading and unloading the 'cxl_pci' module in a continuous loop. This process interferes with the asynchronous registration of NVDIMM devices, causing a crash when the 'cxl_pmem_ctl' function is called.

Remediation

The vulnerability has been addressed in the Linux kernel. Users should upgrade to the latest version.

Added: Dec 30, 2025, 1:47 PM
Updated: Dec 30, 2025, 1:47 PM

Vulnerability Rating

Custom Algorithm
spread
9.0
impact
2.5
exploitability
3.9
remediation
7.7
relevance
1.8
threat
4.8
urgency
2.9
incentive
1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.