{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2023-54323", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-12-30T12:35:56.209Z", "datePublished": "2025-12-30T12:37:07.656Z", "dateUpdated": "2025-12-30T12:37:07.656Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-12-30T12:37:07.656Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncxl/pmem: Fix nvdimm registration races\n\nA loop of the form:\n\n while true; do modprobe cxl_pci; modprobe -r cxl_pci; done\n\n...fails with the following crash signature:\n\n BUG: kernel NULL pointer dereference, address: 0000000000000040\n [..]\n RIP: 0010:cxl_internal_send_cmd+0x5/0xb0 [cxl_core]\n [..]\n Call Trace:\n <TASK>\n cxl_pmem_ctl+0x121/0x240 [cxl_pmem]\n nvdimm_get_config_data+0xd6/0x1a0 [libnvdimm]\n nd_label_data_init+0x135/0x7e0 [libnvdimm]\n nvdimm_probe+0xd6/0x1c0 [libnvdimm]\n nvdimm_bus_probe+0x7a/0x1e0 [libnvdimm]\n really_probe+0xde/0x380\n __driver_probe_device+0x78/0x170\n driver_probe_device+0x1f/0x90\n __device_attach_driver+0x85/0x110\n bus_for_each_drv+0x7d/0xc0\n __device_attach+0xb4/0x1e0\n bus_probe_device+0x9f/0xc0\n device_add+0x445/0x9c0\n nd_async_device_register+0xe/0x40 [libnvdimm]\n async_run_entry_fn+0x30/0x130\n\n...namely that the bottom half of async nvdimm device registration runs\nafter the CXL has already torn down the context that cxl_pmem_ctl()\nneeds. Unlike the ACPI NFIT case that benefits from launching multiple\nnvdimm device registrations in parallel from those listed in the table,\nCXL is already marked PROBE_PREFER_ASYNCHRONOUS. So provide for a\nsynchronous registration path to preclude this scenario."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/cxl/pmem.c", "drivers/nvdimm/bus.c", "drivers/nvdimm/dimm_devs.c", "drivers/nvdimm/nd-core.h", "include/linux/libnvdimm.h"], "versions": [{"version": "21083f51521fb0f60dbac591f175c3ed48435af4", "lessThan": "a371788d4f4a7f59eecd22644331d599979fd283", "status": "affected", "versionType": "git"}, {"version": "21083f51521fb0f60dbac591f175c3ed48435af4", "lessThan": "18c65667fa9104780eeaa0dc1bc240f0c2094772", "status": "affected", "versionType": "git"}, {"version": "21083f51521fb0f60dbac591f175c3ed48435af4", "lessThan": "f57aec443c24d2e8e1f3b5b4856aea12ddda4254", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/cxl/pmem.c", "drivers/nvdimm/bus.c", "drivers/nvdimm/dimm_devs.c", "drivers/nvdimm/nd-core.h", "include/linux/libnvdimm.h"], "versions": [{"version": "5.14", "status": "affected"}, {"version": "0", "lessThan": "5.14", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.16", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.2.3", "lessThanOrEqual": "6.2.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.3", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.14", "versionEndExcluding": "6.1.16"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.14", "versionEndExcluding": "6.2.3"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.14", "versionEndExcluding": "6.3"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/a371788d4f4a7f59eecd22644331d599979fd283"}, {"url": "https://git.kernel.org/stable/c/18c65667fa9104780eeaa0dc1bc240f0c2094772"}, {"url": "https://git.kernel.org/stable/c/f57aec443c24d2e8e1f3b5b4856aea12ddda4254"}], "title": "cxl/pmem: Fix nvdimm registration races", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncxl/pmem: Fix nvdimm registration races\n\nA loop of the form:\n\n while true; do modprobe cxl_pci; modprobe -r cxl_pci; done\n\n...fails with the following crash signature:\n\n BUG: kernel NULL pointer dereference, address: 0000000000000040\n [..]\n RIP: 0010:cxl_internal_send_cmd+0x5/0xb0 [cxl_core]\n [..]\n Call Trace:\n <TASK>\n cxl_pmem_ctl+0x121/0x240 [cxl_pmem]\n nvdimm_get_config_data+0xd6/0x1a0 [libnvdimm]\n nd_label_data_init+0x135/0x7e0 [libnvdimm]\n nvdimm_probe+0xd6/0x1c0 [libnvdimm]\n nvdimm_bus_probe+0x7a/0x1e0 [libnvdimm]\n really_probe+0xde/0x380\n __driver_probe_device+0x78/0x170\n driver_probe_device+0x1f/0x90\n __device_attach_driver+0x85/0x110\n bus_for_each_drv+0x7d/0xc0\n __device_attach+0xb4/0x1e0\n bus_probe_device+0x9f/0xc0\n device_add+0x445/0x9c0\n nd_async_device_register+0xe/0x40 [libnvdimm]\n async_run_entry_fn+0x30/0x130\n\n...namely that the bottom half of async nvdimm device registration runs\nafter the CXL has already torn down the context that cxl_pmem_ctl()\nneeds. Unlike the ACPI NFIT case that benefits from launching multiple\nnvdimm device registrations in parallel from those listed in the table,\nCXL is already marked PROBE_PREFER_ASYNCHRONOUS. So provide for a\nsynchronous registration path to preclude this scenario."}], "id": "CVE-2023-54323", "lastModified": "2025-12-30T13:16:21.627", "metrics": {}, "published": "2025-12-30T13:16:21.627", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/18c65667fa9104780eeaa0dc1bc240f0c2094772"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/a371788d4f4a7f59eecd22644331d599979fd283"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/f57aec443c24d2e8e1f3b5b4856aea12ddda4254"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Received"}

{}

{}