{"vulnerability": "CVE-2025-37878", "sightings": [{"uuid": "21e2996c-c9e0-4f73-8d9e-8ce3c8779e32", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-37878", "type": "seen", "source": "https://vulnerability.circl.lu/bundle/816dcc8e-f25a-4895-9b59-1bbd9caeccb8", "content": "", "creation_timestamp": "2025-12-03T14:14:49.267740Z"}, {"uuid": "a128727b-3c60-4f99-bd77-b27ba3a832a1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-37878", "type": "seen", "source": "https://t.me/cvedetector/24932", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-37878 - Linux Kernel Perf Core Context Assignment Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-37878 \nPublished : May 9, 2025, 7:16 a.m. | 44\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \nperf/core: Fix WARN_ON(!ctx) in __free_event() for partial init  \n  \nMove the get_ctx(child_ctx) call and the child_event->ctx assignment to  \noccur immediately after the child event is allocated. Ensure that  \nchild_event->ctx is non-NULL before any subsequent error path within  \ninherit_event calls free_event(), satisfying the assumptions of the  \ncleanup code.  \n  \nDetails:  \n  \nThere's no clear Fixes tag, because this bug is a side-effect of  \nmultiple interacting commits over time (up to 15 years old), not  \na single regression.  \n  \nThe code initially incremented refcount then assigned context  \nimmediately after the child_event was created. Later, an early  \nvalidity check for child_event was added before the  \nrefcount/assignment. Even later, a WARN_ON_ONCE() cleanup check was  \nadded, assuming event->ctx is valid if the pmu_ctx is valid.  \nThe problem is that the WARN_ON_ONCE() could trigger after the initial  \ncheck passed but before child_event->ctx was assigned, violating its  \nprecondition. The solution is to assign child_event->ctx right after  \nits initial validation. This ensures the context exists for any  \nsubsequent checks or cleanup routines, resolving the WARN_ON_ONCE().  \n  \nTo resolve it, defer the refcount update and child_event->ctx assignment  \ndirectly after child_event->pmu_ctx is set but before checking if the  \nparent event is orphaned. The cleanup routine depends on  \nevent->pmu_ctx being non-NULL before it verifies event->ctx is  \nnon-NULL. This also maintains the author's original intent of passing  \nin child_ctx to find_get_pmu_context before its refcount/assignment.  \n  \n[ mingo: Expanded the changelog from another email by Gabriel Shahrouzi. ] \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"09 May 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-05-09T10:22:00.000000Z"}, {"uuid": "bd123e17-939b-4d1f-98dc-f47387bfcefc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-37878", "type": "seen", "source": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0316/", "content": "", "creation_timestamp": "2026-03-19T00:00:00.000000Z"}, {"uuid": "0dc82b9c-8467-4695-93a1-e7a59f861487", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-37878", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/15694", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-37878\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\nperf/core: Fix WARN_ON(!ctx) in __free_event() for partial init\n\nMove the get_ctx(child_ctx) call and the child_event->ctx assignment to\noccur immediately after the child event is allocated. Ensure that\nchild_event->ctx is non-NULL before any subsequent error path within\ninherit_event calls free_event(), satisfying the assumptions of the\ncleanup code.\n\nDetails:\n\nThere's no clear Fixes tag, because this bug is a side-effect of\nmultiple interacting commits over time (up to 15 years old), not\na single regression.\n\nThe code initially incremented refcount then assigned context\nimmediately after the child_event was created. Later, an early\nvalidity check for child_event was added before the\nrefcount/assignment. Even later, a WARN_ON_ONCE() cleanup check was\nadded, assuming event->ctx is valid if the pmu_ctx is valid.\nThe problem is that the WARN_ON_ONCE() could trigger after the initial\ncheck passed but before child_event->ctx was assigned, violating its\nprecondition. The solution is to assign child_event->ctx right after\nits initial validation. This ensures the context exists for any\nsubsequent checks or cleanup routines, resolving the WARN_ON_ONCE().\n\nTo resolve it, defer the refcount update and child_event->ctx assignment\ndirectly after child_event->pmu_ctx is set but before checking if the\nparent event is orphaned. The cleanup routine depends on\nevent->pmu_ctx being non-NULL before it verifies event->ctx is\nnon-NULL. This also maintains the author's original intent of passing\nin child_ctx to find_get_pmu_context before its refcount/assignment.\n\n[ mingo: Expanded the changelog from another email by Gabriel Shahrouzi. ]\n\ud83d\udccf Published: 2025-05-09T06:45:42.459Z\n\ud83d\udccf Modified: 2025-05-09T06:45:42.459Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/1fe9b92eede32574dbe05b5bdb6ad666b350bed0\n2. https://git.kernel.org/stable/c/90dc6c1e3b200812da8d0aa030e1b7fda8226d0e\n3. https://git.kernel.org/stable/c/cb56cd11feabf99e08bc18960700a53322ffcea7\n4. https://git.kernel.org/stable/c/0ba3a4ab76fd3367b9cb680cad70182c896c795c", "creation_timestamp": "2025-05-09T07:25:40.000000Z"}]}