CVE-2025-38055 Information

Jun 19, 2025 cve

Description

In the Linux kernel the following vulnerability has been resolved:

perf/x86/intel: Fix segfault with PEBS-via-PT with sample_freq

Currently using PEBS-via-PT with a sample frequency instead of a sample period causes a segfault. For example:

BUG: kernel NULL pointer dereference address: 0000000000000195
<NMI>
? __die_body.cold+0x19/0x27
? page_fault_oops+0xca/0x290
? exc_page_fault+0x7e/0x1b0
? asm_exc_page_fault+0x26/0x30
? intel_pmu_pebs_event_update_no_drain+0x40/0x60
? intel_pmu_pebs_event_update_no_drain+0x32/0x60
intel_pmu_drain_pebs_icl+0x333/0x350
handle_pmi_common+0x272/0x3c0
intel_pmu_handle_irq+0x10a/0x2e0
perf_event_nmi_handler+0x2a/0x50

That happens because intel_pmu_pebs_event_update_no_drain() assumes all the pebs_enabled bits represent counter indexes which is not always the case. In this particular case bits 60 and 61 are set for PEBS-via-PT purposes.

The behaviour of PEBS-via-PT with sample frequency is questionable because although a PMI is generated (PEBS_PMI_AFTER_EACH_RECORD) the period is not adjusted anyway.

Putting that aside fix intel_pmu_pebs_event_update_no_drain() by passing the mask of counter bits instead of ‘size’. Note prior to the Fixes commit ‘size’ would be limited to the maximum counter index so the issue was not hit.

Reference

https://git.kernel.org/stable/c/0b1874a5b1173fbcb2185ab828f4c33d067e551e https://git.kernel.org/stable/c/99bcd91fabada0dbb1d5f0de44532d8008db93c6 https://git.kernel.org/stable/c/ca51db23166767a8445deb8331c9b8d5205d9287

CNNVD-202506-2187 (Published: 2025-06-18)

Share on:

CVE-2025-38055 Information

Description

Reference

Related CNNVD