User Space ACR Mask Validation Issue in Linux Kernel by Linux Foundation
CVE-2026-53370
What is CVE-2026-53370?
The Linux Kernel has a validation issue concerning user space ACR masks, particularly in handling configuration. Specifically, the vulnerability allows improper validation of the user space ACR mask (attr.config2), where indices from different ACR event groups may be accepted without adequate checks. An erroneous early termination in processing invalid ACR masks can lead to skipping essential configurations, while previous hardware ACR masks are not cleared before establishing new settings. The resolution introduces enhanced validation by dropping invalid bits from the user-space mask and clearing stale hardware configurations, ensuring a more reliable setup. Although theoretically a non-leader event in an ACR group could cause bit-shifting issues, practical usage scenarios highly rely on all events being active, minimizing this risk.
Affected Version(s)
Linux ec980e4facef8110f6fce27e5b6344660117f01f
Linux ec980e4facef8110f6fce27e5b6344660117f01f
Linux ec980e4facef8110f6fce27e5b6344660117f01f < 5ad732a56be46aabf158c16aa0c095291727aaef