CVE-2025-40359

EPSS 0.02%
Veröffentlicht 16.12.2025 13:39:58
Zuletzt bearbeitet 18.12.2025 15:08:25
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

In the Linux kernel, the following vulnerability has been resolved:

perf/x86/intel: Fix KASAN global-out-of-bounds warning

When running "perf mem record" command on CWF, the below KASAN
global-out-of-bounds warning is seen.

  ==================================================================
  BUG: KASAN: global-out-of-bounds in cmt_latency_data+0x176/0x1b0
  Read of size 4 at addr ffffffffb721d000 by task dtlb/9850

  Call Trace:

   kasan_report+0xb8/0xf0
   cmt_latency_data+0x176/0x1b0
   setup_arch_pebs_sample_data+0xf49/0x2560
   intel_pmu_drain_arch_pebs+0x577/0xb00
   handle_pmi_common+0x6c4/0xc80

The issue is caused by below code in __grt_latency_data(). The code
tries to access x86_hybrid_pmu structure which doesn't exist on
non-hybrid platform like CWF.

        WARN_ON_ONCE(hybrid_pmu(event->pmu)->pmu_type == hybrid_big)

So add is_hybrid() check before calling this WARN_ON_ONCE to fix the
global-out-of-bounds access issue.

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 6

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version < 1b61a1da3d8105ea1be548c94c2856697eb7ffd1

Version 090262439f66df03d4e9d0e52e14104b729e2ef8

Status affected

Version < 710a72e81a7028e1ad1a10eb14f941f8dd45ffd3

Version 090262439f66df03d4e9d0e52e14104b729e2ef8

Status affected

Version < 0ba6502ce167fc3d598c08c2cc3b4ed7ca5aa251

Version 090262439f66df03d4e9d0e52e14104b729e2ef8

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 6.11

Status affected

Version < 6.11

Version 0

Status unaffected

Version <= 6.12.*

Version 6.12.58

Status unaffected

Version <= 6.17.*

Version 6.17.8

Status unaffected

Version <= *

Version 6.18

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.057

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://git.kernel.org/stable/c/1b61a1da3d8105ea1be548c94c2856697eb7ffd1

https://git.kernel.org/stable/c/710a72e81a7028e1ad1a10eb14f941f8dd45ffd3

https://git.kernel.org/stable/c/0ba6502ce167fc3d598c08c2cc3b4ed7ca5aa251

https://nvd.nist.gov/vuln/detail/CVE-2025-40359

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-40359

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-40359

EUVD