CXL-type-3 Device Vulnerability in Linux Kernel
CVE-2025-38252
What is CVE-2025-38252?
A vulnerability in the Linux kernel related to CXL-type-3 devices has been identified due to fragile assumptions within the cxl_cper_handle_prot_err() function. It incorrectly assumes that the endpoints identified in the record are CXL-type-3 devices and that they are bound to the cxl_pci driver. Additionally, the device lock is held unnecessarily during the switch-port tracing. These flaws may lead to system crashes, compromising system stability. Remediations involve strengthening checks to ensure the PCIe endpoint is associated with cxl_memdev before making such assumptions, thus enhancing the kernel’s resilience against faulty driver assumptions.
Affected Version(s)
Linux 36f257e3b0ba904f5a4e7fa8dafaa60e88cdd28c < 4bcb8dd36e9e3fad6c22862ac5b6993df838309b
Linux 36f257e3b0ba904f5a4e7fa8dafaa60e88cdd28c < 3c70ec71abdaf4e4fa48cd8fdfbbd864d78235a8
Linux 6.15