Linux Kernel CXL NVDIMM Bus Race Condition Vulnerability

Vulnerability

A race condition vulnerability has been identified in the Linux kernel's handling of CXL (Compute Express Link) NVDIMM (Non-Volatile DIMM) objects. This issue arises when the CXL ACPI (Advanced Configuration and Power Interface) support is removed, leading to orphaned NVDIMM objects that are improperly re-probed. The problem manifests as a NULL pointer dereference, causing a kernel crash. The vulnerability is present in the CXL subsystem, specifically within the NVDIMM management components.

Impact

Exploitation of this vulnerability leads to a kernel NULL pointer dereference, causing a system crash. This issue was observed during the CXL translation unit test, where the removal of CXL ACPI support caused orphaned NVDIMM objects to be re-probed, triggering the NULL pointer dereference.

Reproduction

The vulnerability can be reproduced by running the CXL translation unit test, cxl-translate.sh, after removing the CXL ACPI support. Adding a 3-second delay before starting the test can help replicate the issue consistently.

Remediation

The vulnerability has been addressed in a patch that synchronizes the probing of CXL NVDIMM bridges, ensuring proper management of NVDIMM objects. Users should apply this patch to mitigate the vulnerability.

Added: Mar 25, 2026, 12:15 PM
Updated: Mar 25, 2026, 12:15 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 2.5
exploitability: 3.9
remediation: 7.7
relevance: 4.7
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.