CVE-2024-41084

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> cxl/region: Avoid null pointer dereference in region lookup<br /> <br /> cxl_dpa_to_region() looks up a region based on a memdev and DPA.<br /> It wrongly assumes an endpoint found mapping the DPA is also of<br /> a fully assembled region. When not true it leads to a null pointer<br /> dereference looking up the region name.<br /> <br /> This appears during testing of region lookup after a failure to<br /> assemble a BIOS defined region or if the lookup raced with the<br /> assembly of the BIOS defined region.<br /> <br /> Failure to clean up BIOS defined regions that fail assembly is an<br /> issue in itself and a fix to that problem will alleviate some of<br /> the impact. It will not alleviate the race condition so let&amp;#39;s harden<br /> this path.<br /> <br /> The behavior change is that the kernel oops due to a null pointer<br /> dereference is replaced with a dev_dbg() message noting that an<br /> endpoint was mapped.<br /> <br /> Additional comments are added so that future users of this function<br /> can more clearly understand what it provides.