CVE-2026-46272
Received Received - Intake
Race Condition in Linux Kernel Coresight TMC-ETR

Publication date: 2026-06-03

Last updated on: 2026-06-03

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: coresight: tmc-etr: Fix race condition between sysfs and perf mode When trying to run perf and sysfs mode simultaneously, the WARN_ON() in tmc_etr_enable_hw() is triggered sometimes: WARNING: CPU: 42 PID: 3911571 at drivers/hwtracing/coresight/coresight-tmc-etr.c:1060 tmc_etr_enable_hw+0xc0/0xd8 [coresight_tmc] [..snip..] Call trace: tmc_etr_enable_hw+0xc0/0xd8 [coresight_tmc] (P) tmc_enable_etr_sink+0x11c/0x250 [coresight_tmc] (L) tmc_enable_etr_sink+0x11c/0x250 [coresight_tmc] coresight_enable_path+0x1c8/0x218 [coresight] coresight_enable_sysfs+0xa4/0x228 [coresight] enable_source_store+0x58/0xa8 [coresight] dev_attr_store+0x20/0x40 sysfs_kf_write+0x4c/0x68 kernfs_fop_write_iter+0x120/0x1b8 vfs_write+0x2c8/0x388 ksys_write+0x74/0x108 __arm64_sys_write+0x24/0x38 el0_svc_common.constprop.0+0x64/0x148 do_el0_svc+0x24/0x38 el0_svc+0x3c/0x130 el0t_64_sync_handler+0xc8/0xd0 el0t_64_sync+0x1ac/0x1b0 ---[ end trace 0000000000000000 ]--- Since the enablement of sysfs mode is separeted into two critical regions, one for sysfs buffer allocation and another for hardware enablement, it's possible to race with the perf mode. Fix this by double check whether the perf mode's been used before enabling the hardware in sysfs mode. mode: [sysfs mode] [perf mode] tmc_etr_get_sysfs_buffer() spin_lock(&drvdata->spinlock) [sysfs buffer allocation] spin_unlock(&drvdata->spinlock) spin_lock(&drvdata->spinlock) tmc_etr_enable_hw() drvdata->etr_buf = etr_perf->etr_buf spin_unlock(&drvdata->spinlock) spin_lock(&drvdata->spinlock) tmc_etr_enable_hw() WARN_ON(drvdata->etr_buf) // WARN sicne etr_buf initialized at the perf side spin_unlock(&drvdata->spinlock) With this fix, we retain the check for CS_MODE_PERF in get_etr_sysfs_buf. This ensures we verify whether the perf mode's already running before we actually allocate the buffer. Then we can save the time of allocating/freeing the sysfs buffer if race with the perf mode.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-03
Last Modified
2026-06-03
Generated
2026-06-04
AI Q&A
2026-06-03
EPSS Evaluated
N/A
NVD
CVE-2026-46272
EUVD
EUVD-2026-34134
Affected Vendors & Products
Currently, no data is known.
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is a race condition in the Linux kernel's coresight tmc-etr driver that occurs when trying to run perf mode and sysfs mode simultaneously.

The issue arises because the enablement of sysfs mode is split into two critical regions: one for sysfs buffer allocation and another for hardware enablement. This separation allows a race condition with perf mode, which can cause a warning (WARN_ON) to be triggered when the hardware is enabled.

Specifically, the problem happens because the sysfs mode does not properly check if perf mode is already using the hardware buffer before enabling it, leading to conflicts and warnings.

The fix involves double-checking whether perf mode is active before enabling the hardware in sysfs mode, preventing the race condition and avoiding unnecessary buffer allocation or freeing.


How can this vulnerability impact me? :

This vulnerability can cause instability or unexpected warnings in the Linux kernel when both perf mode and sysfs mode are used simultaneously with the coresight tmc-etr driver.

The race condition may lead to hardware enablement conflicts, which could result in performance monitoring features not working correctly or causing kernel warnings that might affect system reliability.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability manifests as a WARN_ON() warning in the Linux kernel logs when running perf and sysfs mode simultaneously. You can detect it by checking the kernel log messages for warnings related to tmc_etr_enable_hw().

  • Use the command: dmesg | grep tmc_etr_enable_hw to look for WARN_ON() messages triggered by the coresight-tmc-etr driver.
  • Monitor kernel logs with journalctl -k | grep coresight_tmc to find related warnings or call traces.

What immediate steps should I take to mitigate this vulnerability?

The vulnerability is fixed by ensuring that the perf mode is checked before enabling hardware in sysfs mode to avoid race conditions. Immediate mitigation involves updating the Linux kernel to a version that includes this fix.

Until the fix is applied, avoid running perf and sysfs modes simultaneously to prevent triggering the race condition.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart