Message-ID: <2025071031-CVE-2025-38322-810a@gregkh>
Date: Thu, 10 Jul 2025 10:15:30 +0200
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: linux-cve-announce@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...nel.org>
Subject: CVE-2025-38322: perf/x86/intel: Fix crash in icl_update_topdown_event()
From: Greg Kroah-Hartman <gregkh@...nel.org>
Description
===========
In the Linux kernel, the following vulnerability has been resolved:
perf/x86/intel: Fix crash in icl_update_topdown_event()
The perf_fuzzer found a hard-lockup crash on a RaptorLake machine:
Oops: general protection fault, maybe for address 0xffff89aeceab400: 0000
CPU: 23 UID: 0 PID: 0 Comm: swapper/23
Tainted: [W]=WARN
Hardware name: Dell Inc. Precision 9660/0VJ762
RIP: 0010:native_read_pmc+0x7/0x40
Code: cc e8 8d a9 01 00 48 89 03 5b cd cc cc cc cc 0f 1f ...
RSP: 000:fffb03100273de8 EFLAGS: 00010046
....
Call Trace:
<TASK>
icl_update_topdown_event+0x165/0x190
? ktime_get+0x38/0xd0
intel_pmu_read_event+0xf9/0x210
__perf_event_read+0xf9/0x210
CPUs 16-23 are E-core CPUs that don't support the perf metrics feature.
The icl_update_topdown_event() should not be invoked on these CPUs.
It's a regression of commit:
f9bdf1f95339 ("perf/x86/intel: Avoid disable PMU if !cpuc->enabled in sample read")
The bug introduced by that commit is that the is_topdown_event() function
is mistakenly used to replace the is_topdown_count() call to check if the
topdown functions for the perf metrics feature should be invoked.
Fix it.
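As an added illustration (not code from the kernel or from the fix commit), a simplified C model of the two predicates the commit message contrasts: the buggy read path keys on a config-only check, while the fixed one keys on a flag that is granted at scheduling time only where the PMU supports perf metrics. All `model_`-prefixed names and all constants are constructed assumptions, not the kernel's real encodings or flag bits.

```c
#include <stdbool.h>
#include <stdint.h>

/* Assumed, constructed values: not the kernel's real encodings or flag bits. */
#define MODEL_EVENT_MASK      0xffffULL
#define MODEL_TD_SLOTS        0x0400ULL /* config that looks like a topdown "slots" event */
#define MODEL_HW_TOPDOWN_FLAG 0x1u      /* granted only when the PMU really counts topdown */

struct model_cpu   { bool has_perf_metrics; };   /* P-core: true, E-core: false */
struct model_event {
    uint64_t     attr_config; /* static: what user space asked for */
    unsigned int hw_flags;    /* dynamic: what the PMU actually granted */
};

/* Model of is_topdown_event(): looks only at the config encoding. */
static bool model_is_topdown_event(const struct model_event *e)
{
    return (e->attr_config & MODEL_EVENT_MASK) == MODEL_TD_SLOTS;
}

/* Model of is_topdown_count(): looks at the flag set at scheduling time. */
static bool model_is_topdown_count(const struct model_event *e)
{
    return (e->hw_flags & MODEL_HW_TOPDOWN_FLAG) != 0;
}

/* Scheduling: the TOPDOWN flag is granted only where perf metrics exist. */
static void model_schedule(struct model_event *e, const struct model_cpu *cpu)
{
    e->hw_flags = 0;
    if (cpu->has_perf_metrics && model_is_topdown_event(e))
        e->hw_flags |= MODEL_HW_TOPDOWN_FLAG;
}

/* Read path: true if the topdown update routine would be entered.
 * On a CPU without perf metrics that routine reads PMCs that do not exist. */
static bool read_path_enters_topdown(const struct model_event *e, bool buggy)
{
    return buggy ? model_is_topdown_event(e) : model_is_topdown_count(e);
}

/* Schedule a topdown-looking event on a CPU and report whether the read path
 * would enter the topdown routine. Safe on an E-core only if this is false. */
static bool topdown_entered_on(bool cpu_has_perf_metrics, bool buggy)
{
    struct model_cpu cpu = { .has_perf_metrics = cpu_has_perf_metrics };
    struct model_event ev = { .attr_config = MODEL_TD_SLOTS, .hw_flags = 0 };
    model_schedule(&ev, &cpu);
    return read_path_enters_topdown(&ev, buggy);
}
```

With the config-only predicate, an event whose config merely resembles a topdown encoding sends an E-core read into the topdown routine; with the flag-based predicate it does not, while P-core behaviour is unchanged.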
The Linux kernel CVE team has assigned CVE-2025-38322 to this issue.
Affected and fixed versions
===========================
Issue introduced in 6.15 with commit f9bdf1f953392c9edd69a7f884f78c0390127029 and fixed in 6.15.4 with commit a85cc69acdcb05f8cd226b8ea0778b8e2e887e6f
Issue introduced in 6.15 with commit f9bdf1f953392c9edd69a7f884f78c0390127029 and fixed in 6.16-rc3 with commit b0823d5fbacb1c551d793cbfe7af24e0d1fa45ed
Issue introduced in 6.1.134 with commit 781b2db0eb7731fbde510c268b7ccc62959c3feb
Issue introduced in 6.6.87 with commit e7f6922c8a5b41522a8329ea6bbf815993b2dd28
Issue introduced in 6.12.23 with commit 3a8bec6583e5239de3bd597ab382dc6c2b0c29a1
Issue introduced in 6.13.11 with commit 06cd7bfbb86e9db3e9013ea6636ad2c6f0a1664d
Issue introduced in 6.14.2 with commit d8370aa704bd7e384918c8f466856374725c0585
Please see https://www.kernel.org for a full list of currently supported
kernel versions by the kernel community.
Unaffected versions might change over time as fixes are backported to
older supported kernel versions. The official CVE entry at
https://cve.org/CVERecord/?id=CVE-2025-38322
will be updated if fixes are backported; please check it for the most
up-to-date information about this issue.
Affected files
==============
The file(s) affected by this issue are:
arch/x86/events/intel/core.c
Mitigation
==========
The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes. Individual
changes are never tested alone, but rather are part of a larger kernel
release. Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all. If however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
https://git.kernel.org/stable/c/a85cc69acdcb05f8cd226b8ea0778b8e2e887e6f
https://git.kernel.org/stable/c/b0823d5fbacb1c551d793cbfe7af24e0d1fa45ed