CVE-2025-38322

EPSS 0.04%
Published 10.07.2025 08:14:57
Last modified 25.09.2025 10:15:31
Source 416baaa9-dc9f-4396-8d5f-8c081f
Teams watchlist Login
Open Login

In the Linux kernel, the following vulnerability has been resolved:

perf/x86/intel: Fix crash in icl_update_topdown_event()

The perf_fuzzer found a hard-lockup crash on a RaptorLake machine:

  Oops: general protection fault, maybe for address 0xffff89aeceab400: 0000
  CPU: 23 UID: 0 PID: 0 Comm: swapper/23
  Tainted: [W]=WARN
  Hardware name: Dell Inc. Precision 9660/0VJ762
  RIP: 0010:native_read_pmc+0x7/0x40
  Code: cc e8 8d a9 01 00 48 89 03 5b cd cc cc cc cc 0f 1f ...
  RSP: 000:fffb03100273de8 EFLAGS: 00010046
  ....
  Call Trace:
    <TASK>
    icl_update_topdown_event+0x165/0x190
    ? ktime_get+0x38/0xd0
    intel_pmu_read_event+0xf9/0x210
    __perf_event_read+0xf9/0x210

CPUs 16-23 are E-core CPUs that don't support the perf metrics feature.
The icl_update_topdown_event() should not be invoked on these CPUs.

It's a regression of commit:

  f9bdf1f95339 ("perf/x86/intel: Avoid disable PMU if !cpuc->enabled in sample read")

The bug introduced by that commit is that the is_topdown_event() function
is mistakenly used to replace the is_topdown_count() call to check if the
topdown functions for the perf metrics feature should be invoked.

Fix it.

Affected products Warnungen 0 Metrics 1 CWE 0 References 8

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

This information is available to logged-in users.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

VendorLinux

≫

Product Linux

Default Statusunaffected

Version < 702ea6028032d6c1fe96c2d4762a3575e3654819

Version 781b2db0eb7731fbde510c268b7ccc62959c3feb

Status affected

Version < 79e2dd573116d3338507c311460da9669095c94d

Version e7f6922c8a5b41522a8329ea6bbf815993b2dd28

Status affected

Version < a85cc69acdcb05f8cd226b8ea0778b8e2e887e6f

Version f9bdf1f953392c9edd69a7f884f78c0390127029

Status affected

Version < b0823d5fbacb1c551d793cbfe7af24e0d1fa45ed

Version f9bdf1f953392c9edd69a7f884f78c0390127029

Status affected

Version 3a8bec6583e5239de3bd597ab382dc6c2b0c29a1

Status affected

Version 06cd7bfbb86e9db3e9013ea6636ad2c6f0a1664d

Status affected

Version d8370aa704bd7e384918c8f466856374725c0585

Status affected

VendorLinux

≫

Product Linux

Default Statusaffected

Version 6.15

Status affected

Version < 6.15

Version 0

Status unaffected

Version <= 6.1.*

Version 6.1.149

Status unaffected

Version <= 6.6.*

Version 6.6.101

Status unaffected

Version <= 6.15.*

Version 6.15.4

Status unaffected

Version <= *

Version 6.16

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.04%	0.11

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string

https://git.kernel.org/stable/c/a85cc69acdcb05f8cd226b8ea0778b8e2e887e6f

https://git.kernel.org/stable/c/b0823d5fbacb1c551d793cbfe7af24e0d1fa45ed

https://git.kernel.org/stable/c/79e2dd573116d3338507c311460da9669095c94d

https://git.kernel.org/stable/c/702ea6028032d6c1fe96c2d4762a3575e3654819

https://git.kernel.org/stable/c/e97c45c770f5e56c784a46c2a96ab968d26b97d9

https://nvd.nist.gov/vuln/detail/CVE-2025-38322

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-38322

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-38322

EUVD