CVE-2026-43344
Received Received - Intake
Linux Kernel perf/x86/intel/uncore Die ID Initialization Bug

Publication date: 2026-05-08

Last updated on: 2026-05-18

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: perf/x86/intel/uncore: Fix die ID init and look up bugs In snbep_pci2phy_map_init(), in the nr_node_ids > 8 path, uncore_device_to_die() may return -1 when all CPUs associated with the UBOX device are offline. Remove the WARN_ON_ONCE(die_id == -1) check for two reasons: - The current code breaks out of the loop. This is incorrect because pci_get_device() does not guarantee iteration in domain or bus order, so additional UBOX devices may be skipped during the scan. - Returning -EINVAL is incorrect, since marking offline buses with die_id == -1 is expected and should not be treated as an error. Separately, when NUMA is disabled on a NUMA-capable platform, pcibus_to_node() returns NUMA_NO_NODE, causing uncore_device_to_die() to return -1 for all PCI devices. As a result, spr_update_device_location(), used on Intel SPR and EMR, ignores the corresponding PMON units and does not add them to the RB tree. Fix this by using uncore_pcibus_to_dieid(), which retrieves topology from the UBOX GIDNIDMAP register and works regardless of whether NUMA is enabled in Linux. This requires snbep_pci2phy_map_init() to be added in spr_uncore_pci_init(). Keep uncore_device_to_die() only for the nr_node_ids > 8 case, where NUMA is expected to be enabled.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-08
Last Modified
2026-05-18
Generated
2026-06-19
AI Q&A
2026-05-08
EPSS Evaluated
2026-06-18
NVD
CVE-2026-43344
EUVD
EUVD-2026-28628
Affected Vendors & Products
Showing 8 associated CPEs
Vendor Product Version / Range
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel From 5.12 (inc) to 6.19.14 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-617 The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability involves the Linux kernel's handling of Intel uncore devices in the perf/x86/intel/uncore subsystem. Specifically, in the function snbep_pci2phy_map_init(), when the number of node IDs is greater than 8, the function uncore_device_to_die() may return -1 if all CPUs associated with a UBOX device are offline. This causes incorrect behavior because the code treats this as an error and breaks out of a loop, potentially skipping additional UBOX devices during scanning.

Additionally, when NUMA (Non-Uniform Memory Access) is disabled on a NUMA-capable platform, uncore_device_to_die() returns -1 for all PCI devices, causing certain PMON units to be ignored and not added to the RB tree, which affects device location updates.

The fix involves removing the erroneous error check for die_id == -1, and using a different method, uncore_pcibus_to_dieid(), to retrieve topology information regardless of NUMA being enabled or disabled. This ensures proper scanning and handling of UBOX devices and PMON units.

Impact Analysis

This vulnerability can lead to incomplete or incorrect detection and handling of Intel uncore devices in the Linux kernel, particularly UBOX devices and PMON units. As a result, performance monitoring and device topology information may be inaccurate or incomplete.

Such inaccuracies could affect system monitoring, performance analysis, and potentially the stability or efficiency of systems relying on accurate hardware topology and performance data, especially on NUMA-capable platforms or when NUMA is disabled.

Mitigation Strategies

The vulnerability is fixed by updating the Linux kernel to a version that includes the patch resolving the issue in perf/x86/intel/uncore, specifically addressing the handling of die ID initialization and lookup bugs.

Immediate mitigation involves applying the updated kernel where snbep_pci2phy_map_init() uses uncore_pcibus_to_dieid() to correctly retrieve topology regardless of NUMA settings, and removing the incorrect WARN_ON_ONCE(die_id == -1) check.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-43344. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart