CVE-2025-68375
Description
In the Linux kernel, the following vulnerability has been resolved:

perf/x86: Fix null event access and potential PEBS record loss

When intel_pmu_drain_pebs_icl() is called to drain PEBS records, perf_event_overflow() could be called to process the last PEBS record. perf_event_overflow() could trigger the interrupt throttle and stop all events of the group, as the call chain below shows:

perf_event_overflow() -> __perf_event_overflow() -> __perf_event_account_interrupt() -> perf_event_throttle_group() -> perf_event_throttle() -> event->pmu->stop() -> x86_pmu_stop()

The side effect of stopping the events is that all corresponding event pointers in the cpuc->events[] array are cleared to null.

Assume there are two PEBS events (event a and event b) in a group. When intel_pmu_drain_pebs_icl() calls perf_event_overflow() to process the last PEBS record of PEBS event a, the interrupt throttle is triggered and the pointers of both event a and event b are cleared to null. intel_pmu_drain_pebs_icl() then tries to process the last PEBS record of event b and encounters a null pointer access.

To avoid this issue, move the cpuc->events[] clearing from x86_pmu_stop() to x86_pmu_del(). This is safe since cpuc->active_mask or cpuc->pebs_enabled is always checked before the event pointer is accessed from cpuc->events[].
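The two-event scenario from the description, as an added C model that is not the kernel's code: struct cpu_hw_events, x86_pmu_stop(), x86_pmu_del(), perf_event_overflow() and drain_pebs() are simplified stand-ins for the real functions, parameterised on where events[] is cleared so the pre-fix null access and the fixed behaviour can be compared side by side.

```c
#include <stddef.h>
#include <stdint.h>
#define NUM_EVENTS 2
struct perf_event { int id; int records_seen; };
/* Toy cpu_hw_events (hypothetical, not kernel code): event pointers plus the masks checked before a slot is used. */
struct cpu_hw_events {
	struct perf_event *events[NUM_EVENTS];
	uint64_t active_mask, pebs_enabled;
};
enum clear_site { CLEAR_IN_STOP, CLEAR_IN_DEL };	/* where events[] is cleared: stop() = bug, del() = fix */
static void x86_pmu_stop(struct cpu_hw_events *cpuc, int idx, enum clear_site site) {
	cpuc->active_mask &= ~(1ULL << idx);
	cpuc->pebs_enabled &= ~(1ULL << idx);
	if (site == CLEAR_IN_STOP)
		cpuc->events[idx] = NULL;	/* the side effect that breaks the drain loop */
}
static void x86_pmu_del(struct cpu_hw_events *cpuc, int idx, enum clear_site site) {
	x86_pmu_stop(cpuc, idx, site);
	if (site == CLEAR_IN_DEL)
		cpuc->events[idx] = NULL;	/* pointer dropped only once the event is removed */
}
/* Overflow processing that trips the interrupt throttle: every event in the group is stopped. */
static void perf_event_overflow(struct cpu_hw_events *cpuc, struct perf_event *ev, enum clear_site site) {
	ev->records_seen++;
	for (int i = 0; i < NUM_EVENTS; i++)
		x86_pmu_stop(cpuc, i, site);
}
/* Drain the last record of every PEBS event enabled on entry; -1 where the kernel would dereference NULL. */
static int drain_pebs(struct cpu_hw_events *cpuc, enum clear_site site) {
	uint64_t mask = cpuc->pebs_enabled;	/* snapshot taken before any event is throttled */
	int processed = 0;
	for (int bit = 0; bit < NUM_EVENTS; bit++) {
		if (!(mask & (1ULL << bit))) continue;
		struct perf_event *ev = cpuc->events[bit];
		if (!ev) return -1;	/* event b after event a's overflow throttled the group */
		perf_event_overflow(cpuc, ev, site);
		processed++;
	}
	return processed;
}
/* Two PEBS events (a, b) in one group, each with a pending last record; -2 if removal leaves a stale pointer. */
static int run_scenario(enum clear_site site) {
	struct perf_event a = { 0, 0 }, b = { 1, 0 };
	struct cpu_hw_events cpuc = { { &a, &b }, 0x3, 0x3 };
	int rc = drain_pebs(&cpuc, site);
	for (int i = 0; i < NUM_EVENTS; i++)
		x86_pmu_del(&cpuc, i, site);	/* removal clears the slots in both models */
	return (cpuc.events[0] || cpuc.events[1]) ? -2 : rc;
}
```

With clearing in stop() the drain returns -1 after processing only event a's record (the null access and the lost record); with clearing moved to del() both records are processed and the slots are still released on removal.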