Description

In the Linux kernel, the following vulnerability has been resolved:

cxl/acpi: Fix a use-after-free in cxl_parse_cfmws()

KASAN and KFENCE detected a use-after-free in the CXL driver. This happens in the cxl_decoder_add() fail path. KASAN prints the following error:

BUG: KASAN: slab-use-after-free in cxl_parse_cfmws (drivers/cxl/acpi.c:299)

This happens in cxl_parse_cfmws(), where put_device() is called, releasing cxld, which is accessed later.

Use the local variables in the dev_err() instead of pointing to the released memory. Since the dev_err() is printing a resource, change the open coded print format to use the %pr format specifier.
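A userspace model of the fail path described above, added here as an illustration and not taken from the kernel patch. The struct and function names are hypothetical, and the release poisons a static object instead of freeing it, so the stale read can be shown without undefined behaviour.

```c
#include <stdio.h>
#include <string.h>

/* Userspace model; all names are hypothetical, not the kernel's code. */
struct range { unsigned long long start, end; };
struct decoder { int refs; struct range hpa; };
static struct decoder slot;  /* static storage: a read after release stays defined C */

static struct decoder *decoder_alloc(struct range r)
{
    slot.refs = 1;
    slot.hpa = r;
    return &slot;
}

/* Stand-in for put_device(): dropping the last reference runs the release,
 * modelled here by filling the object with 0x6b, the slab free-poison byte. */
static void decoder_put(struct decoder *d)
{
    if (--d->refs == 0)
        memset(d, 0x6b, sizeof(*d));
}

/* Before the fix: the error message reads the object after the put. */
static void fail_path_buggy(struct range r, char *msg, size_t n)
{
    struct decoder *d = decoder_alloc(r);
    decoder_put(d);  /* add failed: the only reference is dropped */
    snprintf(msg, n, "decoder add failed: [%#llx-%#llx]",
             d->hpa.start, d->hpa.end);  /* stale read of released object */
}

/* After the fix: the message uses the caller's local copy of the range. */
static void fail_path_fixed(struct range r, char *msg, size_t n)
{
    struct decoder *d = decoder_alloc(r);
    decoder_put(d);
    snprintf(msg, n, "decoder add failed: [%#llx-%#llx]",
             r.start, r.end);
}

int main(void)
{
    struct range r = { 0x100000000ULL, 0x1ffffffffULL };  /* constructed sample */
    char msg[96];
    fail_path_buggy(r, msg, sizeof(msg)); puts(msg);
    fail_path_fixed(r, msg, sizeof(msg)); puts(msg);
    return 0;
}
```

In the real driver the released object is returned to the slab allocator, so the stale read can return arbitrary data or fault; KASAN and KFENCE exist to flag exactly that access.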

PUBLISHED Reserved 2025-10-01 | Published 2025-10-01 | Updated 2025-10-01 | Assigner Linux

Product status

Default status: unaffected

e50fe01e1f2a4aba2275edee7d5c77ac87674ddb before 748fadc08bcbdaf573b34d9784bb3dbd87441dbf: affected
e50fe01e1f2a4aba2275edee7d5c77ac87674ddb before 316db489647b8ddc381682597e89787eac61a278: affected
e50fe01e1f2a4aba2275edee7d5c77ac87674ddb before 4cf67d3cc9994a59cf77bb9c0ccf9007fe916afe: affected

Default status: affected

6.0: affected
Any version before 6.0: unaffected
6.1.43: unaffected
6.4.8: unaffected
6.5: unaffected

References

git.kernel.org/...c/748fadc08bcbdaf573b34d9784bb3dbd87441dbf

git.kernel.org/...c/316db489647b8ddc381682597e89787eac61a278

git.kernel.org/...c/4cf67d3cc9994a59cf77bb9c0ccf9007fe916afe

cve.org (CVE-2023-53479)

nvd.nist.gov (CVE-2023-53479)
