Performance Management Unit Vulnerability in Linux Kernel by IBM

CVE-2025-22094

Summary

A vulnerability in the Linux kernel arises from improper ref-counting in the 'vpa_pmu' performance management unit. After the introduction of the vpa_pmu, which was meant to expose certain latency counters to user-space, it was found that the module's ownership was not correctly assigned. This oversight allows the module to be unloaded while active performance events are running, resulting in potential kernel crashes and null pointer dereferences. A fix has been proposed to ensure proper ref-counting and prevent this issue, ensuring system stability and reliability.

References