IM
IronMonkey Threat Research

CVE-2025-38322 MEDIUM

Published: 2025-07-10 | Last Modified: 2026-07-14 | Status: Modified

Description

In the Linux kernel, the following vulnerability has been resolved: perf/x86/intel: Fix crash in icl_update_topdown_event() The perf_fuzzer found a hard-lockup crash on a RaptorLake machine: Oops: general protection fault, maybe for address 0xffff89aeceab400: 0000 CPU: 23 UID: 0 PID: 0 Comm: swapper/23 Tainted: [W]=WARN Hardware name: Dell Inc. Precision 9660/0VJ762 RIP: 0010:native_read_pmc+0x7/0x40 Code: cc e8 8d a9 01 00 48 89 03 5b cd cc cc cc cc 0f 1f ... RSP: 000:fffb03100273de8 EFLAGS: 00010046 .... Call Trace: <TASK> icl_update_topdown_event+0x165/0x190 ? ktime_get+0x38/0xd0 intel_pmu_read_event+0xf9/0x210 __perf_event_read+0xf9/0x210 CPUs 16-23 are E-core CPUs that don't support the perf metrics feature. The icl_update_topdown_event() should not be invoked on these CPUs. It's a regression of commit: f9bdf1f95339 ("perf/x86/intel: Avoid disable PMU if !cpuc->enabled in sample read") The bug introduced by that commit is that the is_topdown_event() function is mistakenly used to replace the is_topdown_count() call to check if the topdown functions for the perf metrics feature should be invoked. Fix it.

Additional Descriptions (1)

En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: perf/x86/intel: Se corrige un fallo en icl_update_topdown_event(). perf_fuzzer encontró un fallo de bloqueo duro en una máquina RaptorLake: Oops: fallo de protección general, tal vez para la dirección 0xffff89aeceab400: 0000 CPU: 23 UID: 0 PID: 0 Comm: swapper/23 Tainted: [W]=WARN Nombre del hardware: Dell Inc. Precision 9660/0VJ762 RIP: 0010:native_read_pmc+0x7/0x40 Código: cc e8 8d a9 01 00 48 89 03 5b cd cc cc cc cc 0f 1f ... RSP: 000:fffb03100273de8 EFLAGS: 00010046 .... Seguimiento de llamadas: icl_update_topdown_event+0x165/0x190 ? ktime_get+0x38/0xd0 intel_pmu_read_event+0xf9/0x210 __perf_event_read+0xf9/0x210 Las CPU 16-23 son CPU de núcleo E que no admiten la función de métricas de rendimiento. No se debe invocar icl_update_topdown_event() en estas CPU. Es una regresión del commit: f9bdf1f95339 ("perf/x86/intel: Evitar deshabilitar PMU si !cpuc-&gt;enabled en la lectura de muestra") El error introducido por esa confirmación es que la función is_topdown_event() se usa por error para reemplazar la llamada is_topdown_count() para verificar si se deben invocar las funciones descendentes para la característica de métricas de rendimiento. Arréglenlo.

CVSS Metrics

Base Score: 5.5 (MEDIUM)

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack VectorLOCAL
Attack ComplexityLOW
Privileges RequiredLOW
User InteractionNONE
ScopeUNCHANGED
Confidentiality ImpactNONE
Integrity ImpactNONE
Availability ImpactHIGH

Source: [email protected]

Type: Primary

Exploitability Score: 1.8

Impact Score: 3.6

Weaknesses

Source Type Description
[email protected] Primary
en NVD-CWE-noinfo

Affected Products

Vendor Product Version Update Type
linux linux_kernel * <built-in method update of dict object at 0x702bdc59fc80> Operating System
linux linux_kernel * <built-in method update of dict object at 0x702b703776c0> Operating System
linux linux_kernel * <built-in method update of dict object at 0x702bdc59ce00> Operating System
linux linux_kernel * <built-in method update of dict object at 0x702c047dc8c0> Operating System
linux linux_kernel * <built-in method update of dict object at 0x702bdc59e440> Operating System
linux linux_kernel 6.16 <built-in method update of dict object at 0x702bdc59e600> Operating System
linux linux_kernel 6.16 <built-in method update of dict object at 0x702bdc59d580> Operating System
debian debian_linux 11.0 <built-in method update of dict object at 0x702bdc59ff40> Operating System

Affected Configurations

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Yes cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Yes cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Yes cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Yes cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Yes cpe:2.3:o:linux:linux_kernel:6.16:rc1:*:*:*:*:*:*
Yes cpe:2.3:o:linux:linux_kernel:6.16:rc2:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*

References

Notification
Message here