Logical Flaw in Linux Kernel Affecting Performance Monitoring Events
CVE-2025-39821
What is CVE-2025-39821?
A logical flaw has been identified in the Linux kernel's handling of performance monitoring events. This vulnerability occurs when the performance monitoring unit (PMU) drivers call start/stop functions on inactive events, which can lead to operations using a negative index. Specifically, when a child event is configured in a disabled state, it remains uninitialized during throttling, causing undefined behavior when processed. The flaw affects both arm64 and x86-64 architectures, resulting in unwanted UBSAN shift-out-of-bounds reports. The issue has been addressed by ensuring that only active events with valid hardware indices are managed during throttling, effectively preventing erroneous operations and enhancing system stability.
Affected Version(s)
Linux 9734e25fbf5ae68eb04234b2cd14a4b36ab89141
Linux 9734e25fbf5ae68eb04234b2cd14a4b36ab89141
Linux 6.16