fkie_cve-2025-22094
Vulnerability from fkie_nvd
Published
2025-04-16 15:16
Modified
2025-04-17 20:22
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
powerpc/perf: Fix ref-counting on the PMU 'vpa_pmu'
Commit 176cda0619b6 ("powerpc/perf: Add perf interface to expose vpa
counters") introduced 'vpa_pmu' to expose Book3s-HV nested APIv2 provided
L1<->L2 context switch latency counters to L1 user-space via
perf-events. However the newly introduced PMU named 'vpa_pmu' doesn't
assign ownership of the PMU to the module 'vpa_pmu'. Consequently the
module 'vpa_pmu' can be unloaded while one of the perf-events are still
active, which can lead to kernel oops and panic of the form below on a
Pseries-LPAR:
BUG: Kernel NULL pointer dereference on read at 0x00000058
<snip>
NIP [c000000000506cb8] event_sched_out+0x40/0x258
LR [c00000000050e8a4] __perf_remove_from_context+0x7c/0x2b0
Call Trace:
[c00000025fc3fc30] [c00000025f8457a8] 0xc00000025f8457a8 (unreliable)
[c00000025fc3fc80] [fffffffffffffee0] 0xfffffffffffffee0
[c00000025fc3fcd0] [c000000000501e70] event_function+0xa8/0x120
<snip>
Kernel panic - not syncing: Aiee, killing interrupt handler!
Fix this by adding the module ownership to 'vpa_pmu' so that the module
'vpa_pmu' is ref-counted and prevented from being unloaded when perf-events
are initialized.
References
Impacted products
| Vendor | Product | Version |
|---|
{
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/perf: Fix ref-counting on the PMU \u0027vpa_pmu\u0027\n\nCommit 176cda0619b6 (\"powerpc/perf: Add perf interface to expose vpa\ncounters\") introduced \u0027vpa_pmu\u0027 to expose Book3s-HV nested APIv2 provided\nL1\u003c-\u003eL2 context switch latency counters to L1 user-space via\nperf-events. However the newly introduced PMU named \u0027vpa_pmu\u0027 doesn\u0027t\nassign ownership of the PMU to the module \u0027vpa_pmu\u0027. Consequently the\nmodule \u0027vpa_pmu\u0027 can be unloaded while one of the perf-events are still\nactive, which can lead to kernel oops and panic of the form below on a\nPseries-LPAR:\n\nBUG: Kernel NULL pointer dereference on read at 0x00000058\n\u003csnip\u003e\n NIP [c000000000506cb8] event_sched_out+0x40/0x258\n LR [c00000000050e8a4] __perf_remove_from_context+0x7c/0x2b0\n Call Trace:\n [c00000025fc3fc30] [c00000025f8457a8] 0xc00000025f8457a8 (unreliable)\n [c00000025fc3fc80] [fffffffffffffee0] 0xfffffffffffffee0\n [c00000025fc3fcd0] [c000000000501e70] event_function+0xa8/0x120\n\u003csnip\u003e\n Kernel panic - not syncing: Aiee, killing interrupt handler!\n\nFix this by adding the module ownership to \u0027vpa_pmu\u0027 so that the module\n\u0027vpa_pmu\u0027 is ref-counted and prevented from being unloaded when perf-events\nare initialized."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: powerpc/perf: Se corrige el conteo de referencias en la PMU \u0027vpa_pmu\u0027. El commit 176cda0619b6 (\"powerpc/perf: A\u00f1adir interfaz perf para exponer contadores vpa\") introdujo \u0027vpa_pmu\u0027 para exponer los contadores de latencia de cambio de contexto L1\u0026lt;-\u0026gt;L2 proporcionados por la APIv2 anidada de Book3s-HV al espacio de usuario L1 mediante eventos perf. Sin embargo, la nueva PMU, denominada \u0027vpa_pmu\u0027, no asigna la propiedad de la PMU al m\u00f3dulo \u0027vpa_pmu\u0027. En consecuencia, el m\u00f3dulo \u0027vpa_pmu\u0027 se puede descargar mientras uno de los eventos de rendimiento a\u00fan est\u00e1 activo, lo que puede provocar errores y p\u00e1nico en el kernel del formato siguiente en un Pseries-LPAR: ERROR: Desreferencia de puntero NULL del kernel en lectura en 0x00000058 NIP [c000000000506cb8] event_sched_out+0x40/0x258 LR [c00000000050e8a4] __perf_remove_from_context+0x7c/0x2b0 Rastreo de llamadas: [c00000025fc3fc30] [c00000025f8457a8] 0xc00000025f8457a8 (no confiable) [c00000025fc3fc80] [ffffffffffffffee0] 0xffffffffffffffee0 [c00000025fc3fcd0] [c000000000501e70] event_function+0xa8/0x120 P\u00e1nico del kernel: no se sincroniza: \u00a1Ay, se est\u00e1 eliminando el controlador de interrupciones! Para solucionarlo, agregue la propiedad del m\u00f3dulo a \u0027vpa_pmu\u0027 para que se contabilice y se evite su descarga al inicializar eventos de rendimiento."
}
],
"id": "CVE-2025-22094",
"lastModified": "2025-04-17T20:22:16.240",
"metrics": {},
"published": "2025-04-16T15:16:03.593",
"references": [
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"url": "https://git.kernel.org/stable/c/6cf045b51e2c5721db7e55305f09ee32741e00f9"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"url": "https://git.kernel.org/stable/c/70ea7c5189197c6f5acdcfd8a2651be2c41e2faa"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"url": "https://git.kernel.org/stable/c/ff99d5b6a246715f2257123cdf6c4a29cb33aa78"
}
],
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"vulnStatus": "Awaiting Analysis"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…