CVE-2025-40089

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> cxl/features: Add check for no entries in cxl_feature_info<br /> <br /> cxl EDAC calls cxl_feature_info() to get the feature information and<br /> if the hardware has no Features support, cxlfs may be passed in as<br /> NULL.<br /> <br /> [ 51.957498] BUG: kernel NULL pointer dereference, address: 0000000000000008<br /> [ 51.965571] #PF: supervisor read access in kernel mode<br /> [ 51.971559] #PF: error_code(0x0000) - not-present page<br /> [ 51.977542] PGD 17e4f6067 P4D 0<br /> [ 51.981384] Oops: Oops: 0000 [#1] SMP NOPTI<br /> [ 51.986300] CPU: 49 UID: 0 PID: 3782 Comm: systemd-udevd Not tainted 6.17.0dj<br /> test+ #64 PREEMPT(voluntary)<br /> [ 51.997355] Hardware name: <br /> [ 52.009790] RIP: 0010:cxl_feature_info+0xa/0x80 [cxl_core]<br /> <br /> Add a check for cxlfs before dereferencing it and return -EOPNOTSUPP if<br /> there is no cxlfs created due to no hardware support.