CVE-2022-48707

Severity CVSS v4.0: Pending analysis
Type: CWE-476 NULL Pointer Dereference
Publication date: 21/05/2024
Last modified: 31/12/2024

Description

In the Linux kernel, the following vulnerability has been resolved:

cxl/region: Fix null pointer dereference for resetting decoder

Not all decoders have a reset callback.

The CXL specification allows a host bridge with a single root port to have no explicit HDM decoders. Currently the region driver assumes there are none. As such the CXL core creates a special pass through decoder instance without a commit/reset callback.

Prior to this patch, the ->reset() callback was called unconditionally when calling cxl_region_decode_reset. Thus a configuration with 1 Host Bridge, 1 Root Port, and one directly attached CXL type 3 device or multiple CXL type 3 devices attached to downstream ports of a switch can cause a null pointer dereference.

Before the fix, a kernel crash was observed when we destroy the region, and a pass through decoder is reset.

The issue can be reproduced as below,
1) create a region with a CXL setup which includes a HB with a single root port under which a memdev is attached directly.
2) destroy the region with cxl destroy-region regionX -f.
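The pattern behind this CWE-476, as an added example that is not the kernel's code: a user-space model of an optional reset callback and the guard that the description implies. The struct layout, the function names and the two topologies are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical model of a decoder; not the kernel's struct definition. */
struct decoder {
    const char *name;
    int committed;
    int (*reset)(struct decoder *d);  /* NULL for a pass-through decoder */
    struct decoder *parent;           /* next decoder toward the host bridge */
};

static int hdm_reset(struct decoder *d) { d->committed = 0; return 0; }

/* Walk from the endpoint decoder toward the root and reset each decoder.
 * Calling d->reset(d) unconditionally jumps through NULL on a pass-through
 * decoder; the check below skips decoders with nothing to undo.
 * Returns the number of decoders reset, or a negative callback error. */
int region_decode_reset(struct decoder *d)
{
    int n = 0;
    for (; d; d = d->parent) {
        if (!d->reset)               /* optional callback: test before use */
            continue;
        int rc = d->reset(d);
        if (rc)
            return rc;
        n++;
    }
    return n;
}

/* Constructed topology: memdev directly under a single-root-port host bridge. */
int demo_single_root_port(void)
{
    struct decoder hb = { "hb-passthrough", 1, NULL, NULL };
    struct decoder ep = { "endpoint", 1, hdm_reset, &hb };
    int n = region_decode_reset(&ep);
    return (ep.committed == 0 && hb.committed == 1) ? n : -1;
}

/* Constructed topology: host bridge with an explicit HDM decoder. */
int demo_explicit_decoders(void)
{
    struct decoder hb = { "hb-hdm", 1, hdm_reset, NULL };
    struct decoder ep = { "endpoint", 1, hdm_reset, &hb };
    return region_decode_reset(&ep);
}

int main(void)
{
    printf("pass-through: %d reset\n", demo_single_root_port());
    printf("explicit: %d reset\n", demo_explicit_decoders());
    return 0;
}
```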

Vulnerable products and versions

CPE | From | Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.0 (including) | 6.1.12 (excluding)
cpe:2.3:o:linux:linux_kernel:6.2:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.2:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.2:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.2:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.2:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.2:rc6:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.2:rc7:*:*:*:*:*:*