CVE-2025-68375
Unknown Unknown - Not Provided
NULL Pointer Dereference in Linux perf Event Handling Causes PEBS Data Loss

Publication date: 2025-12-24

Last updated on: 2025-12-24

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: perf/x86: Fix NULL event access and potential PEBS record loss When intel_pmu_drain_pebs_icl() is called to drain PEBS records, the perf_event_overflow() could be called to process the last PEBS record. While perf_event_overflow() could trigger the interrupt throttle and stop all events of the group, like what the below call-chain shows. perf_event_overflow() -> __perf_event_overflow() ->__perf_event_account_interrupt() -> perf_event_throttle_group() -> perf_event_throttle() -> event->pmu->stop() -> x86_pmu_stop() The side effect of stopping the events is that all corresponding event pointers in cpuc->events[] array are cleared to NULL. Assume there are two PEBS events (event a and event b) in a group. When intel_pmu_drain_pebs_icl() calls perf_event_overflow() to process the last PEBS record of PEBS event a, interrupt throttle is triggered and all pointers of event a and event b are cleared to NULL. Then intel_pmu_drain_pebs_icl() tries to process the last PEBS record of event b and encounters NULL pointer access. To avoid this issue, move cpuc->events[] clearing from x86_pmu_stop() to x86_pmu_del(). It's safe since cpuc->active_mask or cpuc->pebs_enabled is always checked before access the event pointer from cpuc->events[].
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-24
Last Modified
2025-12-24
Generated
2026-06-16
AI Q&A
2025-12-24
EPSS Evaluated
2026-06-15
NVD
CVE-2025-68375
EUVD
EUVD-2025-205079
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
linux linux_kernel *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability in the Linux kernel involves a NULL pointer access and potential loss of PEBS (Precise Event-Based Sampling) records during performance event processing. Specifically, when the function intel_pmu_drain_pebs_icl() calls perf_event_overflow() to process the last PEBS record, an interrupt throttle can be triggered that stops all events in the group and clears their pointers to NULL. Subsequently, the code attempts to access these now NULL pointers, causing a NULL pointer dereference. The fix involves moving the clearing of event pointers from the stop function to the delete function to prevent accessing NULL pointers.

Impact Analysis

This vulnerability can cause the Linux kernel to attempt to access NULL pointers during performance event processing, which may lead to kernel crashes or instability. This can affect system reliability and performance monitoring accuracy, potentially disrupting applications or services relying on these kernel features.

Mitigation Strategies

To mitigate this vulnerability, update the Linux kernel to a version where the fix has been applied. The fix involves moving the clearing of cpuc->events[] from x86_pmu_stop() to x86_pmu_del(), preventing NULL pointer access during PEBS event processing. Applying the latest kernel patches that include this fix will address the issue.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-68375. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart