CVE-2025-38055
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-06-18

Last updated on: 2025-11-14

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: perf/x86/intel: Fix segfault with PEBS-via-PT with sample_freq Currently, using PEBS-via-PT with a sample frequency instead of a sample period, causes a segfault. For example: BUG: kernel NULL pointer dereference, address: 0000000000000195 <NMI> ? __die_body.cold+0x19/0x27 ? page_fault_oops+0xca/0x290 ? exc_page_fault+0x7e/0x1b0 ? asm_exc_page_fault+0x26/0x30 ? intel_pmu_pebs_event_update_no_drain+0x40/0x60 ? intel_pmu_pebs_event_update_no_drain+0x32/0x60 intel_pmu_drain_pebs_icl+0x333/0x350 handle_pmi_common+0x272/0x3c0 intel_pmu_handle_irq+0x10a/0x2e0 perf_event_nmi_handler+0x2a/0x50 That happens because intel_pmu_pebs_event_update_no_drain() assumes all the pebs_enabled bits represent counter indexes, which is not always the case. In this particular case, bits 60 and 61 are set for PEBS-via-PT purposes. The behaviour of PEBS-via-PT with sample frequency is questionable because although a PMI is generated (PEBS_PMI_AFTER_EACH_RECORD), the period is not adjusted anyway. Putting that aside, fix intel_pmu_pebs_event_update_no_drain() by passing the mask of counter bits instead of 'size'. Note, prior to the Fixes commit, 'size' would be limited to the maximum counter index, so the issue was not hit.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-06-18
Last Modified
2025-11-14
Generated
2026-05-07
AI Q&A
2025-06-18
EPSS Evaluated
2026-05-05
NVD
CVE-2025-38055
Affected Vendors & Products
Showing 8 associated CPEs
Vendor Product Version / Range
linux linux_kernel 6.15
linux linux_kernel 6.15
linux linux_kernel 6.15
linux linux_kernel 6.15
linux linux_kernel 6.15
linux linux_kernel 6.15
linux linux_kernel From 5.15.160 (inc) to 5.16 (inc)
linux linux_kernel From 5.15.160 (inc) to 5.16 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-476 The product dereferences a pointer that it expects to be valid but is NULL.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability in the Linux kernel occurs in the perf subsystem for Intel CPUs when using PEBS-via-PT with a sample frequency instead of a sample period. It causes a kernel NULL pointer dereference (segfault) because the function intel_pmu_pebs_event_update_no_drain() incorrectly assumes all pebs_enabled bits represent counter indexes, which is not true for bits 60 and 61 used by PEBS-via-PT. This leads to a crash when handling performance monitoring interrupts.


How can this vulnerability impact me? :

This vulnerability can cause the Linux kernel to crash (segfault) when using PEBS-via-PT with sample frequency, leading to system instability or downtime. This could disrupt normal operations on affected systems, especially those relying on performance monitoring features.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by observing kernel crash logs or oops messages indicating a NULL pointer dereference related to perf events, specifically with PEBS-via-PT and sample frequency usage. Look for kernel messages similar to: 'BUG: kernel NULL pointer dereference, address: 0000000000000195' and stack traces involving 'intel_pmu_pebs_event_update_no_drain'. There are no specific commands provided to detect this vulnerability.


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation involves applying the patch that fixes the intel_pmu_pebs_event_update_no_drain() function to correctly handle PEBS-via-PT with sample frequency. Until the fix is applied, avoid using PEBS-via-PT with sample frequency settings to prevent kernel crashes.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart