CVE-2025-40042 (GCVE-0-2025-40042)

Vulnerability from cvelistv5 – Published: 2025-10-28 11:48 – Updated: 2026-05-11 21:41
VLAI
Title
tracing: Fix race condition in kprobe initialization causing NULL pointer dereference
Summary
In the Linux kernel, the following vulnerability has been resolved: tracing: Fix race condition in kprobe initialization causing NULL pointer dereference There is a critical race condition in kprobe initialization that can lead to NULL pointer dereference and kernel crash. [1135630.084782] Unable to handle kernel paging request at virtual address 0000710a04630000 ... [1135630.260314] pstate: 404003c9 (nZcv DAIF +PAN -UAO) [1135630.269239] pc : kprobe_perf_func+0x30/0x260 [1135630.277643] lr : kprobe_dispatcher+0x44/0x60 [1135630.286041] sp : ffffaeff4977fa40 [1135630.293441] x29: ffffaeff4977fa40 x28: ffffaf015340e400 [1135630.302837] x27: 0000000000000000 x26: 0000000000000000 [1135630.312257] x25: ffffaf029ed108a8 x24: ffffaf015340e528 [1135630.321705] x23: ffffaeff4977fc50 x22: ffffaeff4977fc50 [1135630.331154] x21: 0000000000000000 x20: ffffaeff4977fc50 [1135630.340586] x19: ffffaf015340e400 x18: 0000000000000000 [1135630.349985] x17: 0000000000000000 x16: 0000000000000000 [1135630.359285] x15: 0000000000000000 x14: 0000000000000000 [1135630.368445] x13: 0000000000000000 x12: 0000000000000000 [1135630.377473] x11: 0000000000000000 x10: 0000000000000000 [1135630.386411] x9 : 0000000000000000 x8 : 0000000000000000 [1135630.395252] x7 : 0000000000000000 x6 : 0000000000000000 [1135630.403963] x5 : 0000000000000000 x4 : 0000000000000000 [1135630.412545] x3 : 0000710a04630000 x2 : 0000000000000006 [1135630.421021] x1 : ffffaeff4977fc50 x0 : 0000710a04630000 [1135630.429410] Call trace: [1135630.434828] kprobe_perf_func+0x30/0x260 [1135630.441661] kprobe_dispatcher+0x44/0x60 [1135630.448396] aggr_pre_handler+0x70/0xc8 [1135630.454959] kprobe_breakpoint_handler+0x140/0x1e0 [1135630.462435] brk_handler+0xbc/0xd8 [1135630.468437] do_debug_exception+0x84/0x138 [1135630.475074] el1_dbg+0x18/0x8c [1135630.480582] security_file_permission+0x0/0xd0 [1135630.487426] vfs_write+0x70/0x1c0 [1135630.493059] ksys_write+0x5c/0xc8 [1135630.498638] __arm64_sys_write+0x24/0x30 [1135630.504821] el0_svc_common+0x78/0x130 [1135630.510838] el0_svc_handler+0x38/0x78 [1135630.516834] el0_svc+0x8/0x1b0 kernel/trace/trace_kprobe.c: 1308 0xffff3df8995039ec <kprobe_perf_func+0x2c>: ldr x21, [x24,#120] include/linux/compiler.h: 294 0xffff3df8995039f0 <kprobe_perf_func+0x30>: ldr x1, [x21,x0] kernel/trace/trace_kprobe.c 1308: head = this_cpu_ptr(call->perf_events); 1309: if (hlist_empty(head)) 1310: return 0; crash> struct trace_event_call -o struct trace_event_call { ... [120] struct hlist_head *perf_events; //(call->perf_event) ... } crash> struct trace_event_call ffffaf015340e528 struct trace_event_call { ... perf_events = 0xffff0ad5fa89f088, //this value is correct, but x21 = 0 ... } Race Condition Analysis: The race occurs between kprobe activation and perf_events initialization: CPU0 CPU1 ==== ==== perf_kprobe_init perf_trace_event_init tp_event->perf_events = list;(1) tp_event->class->reg (2)← KPROBE ACTIVE Debug exception triggers ... kprobe_dispatcher kprobe_perf_func (tk->tp.flags & TP_FLAG_PROFILE) head = this_cpu_ptr(call->perf_events)(3) (perf_events is still NULL) Problem: 1. CPU0 executes (1) assigning tp_event->perf_events = list 2. CPU0 executes (2) enabling kprobe functionality via class->reg() 3. CPU1 triggers and reaches kprobe_dispatcher 4. CPU1 checks TP_FLAG_PROFILE - condition passes (step 2 completed) 5. CPU1 calls kprobe_perf_func() and crashes at (3) because call->perf_events is still NULL CPU1 sees that kprobe functionality is enabled but does not see that perf_events has been assigned. Add pairing read an ---truncated---
Severity
No CVSS data available.
Assigner
References
Impacted products
Vendor Product Version
Linux Linux Affected: 50d780560785b068c358675c5f0bf6c83b5c373e , < 07926ce598a95de6fd874a74fb510e2ebdfd0aae (git)
Affected: 50d780560785b068c358675c5f0bf6c83b5c373e , < 9c4951b691bb8d7a004acd010f45144391f85ea6 (git)
Affected: 50d780560785b068c358675c5f0bf6c83b5c373e , < 95dd33361061f808d1f68616d69ada639e737cfa (git)
Affected: 50d780560785b068c358675c5f0bf6c83b5c373e , < a6e89ada1ff6b70df73f579071ffa6ade8ae7f98 (git)
Affected: 50d780560785b068c358675c5f0bf6c83b5c373e , < 1a301228c0a8aedc3154fb1a274456f487416b96 (git)
Affected: 50d780560785b068c358675c5f0bf6c83b5c373e , < 0fa388ab2c290ef1115ff88ae88e881d0fb2db02 (git)
Affected: 50d780560785b068c358675c5f0bf6c83b5c373e , < 5ebea6561649d30ec7a18fea23d7f76738dae916 (git)
Affected: 50d780560785b068c358675c5f0bf6c83b5c373e , < 9cf9aa7b0acfde7545c1a1d912576e9bab28dc6f (git)
Create a notification for this product.
Linux Linux Affected: 2.6.33
Unaffected: 0 , < 2.6.33 (semver)
Unaffected: 5.4.301 , ≤ 5.4.* (semver)
Unaffected: 5.10.246 , ≤ 5.10.* (semver)
Unaffected: 5.15.195 , ≤ 5.15.* (semver)
Unaffected: 6.1.157 , ≤ 6.1.* (semver)
Unaffected: 6.6.113 , ≤ 6.6.* (semver)
Unaffected: 6.12.54 , ≤ 6.12.* (semver)
Unaffected: 6.17.3 , ≤ 6.17.* (semver)
Unaffected: 6.18 , ≤ * (original_commit_for_fix)
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "kernel/trace/trace_fprobe.c",
            "kernel/trace/trace_kprobe.c",
            "kernel/trace/trace_probe.h",
            "kernel/trace/trace_uprobe.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "07926ce598a95de6fd874a74fb510e2ebdfd0aae",
              "status": "affected",
              "version": "50d780560785b068c358675c5f0bf6c83b5c373e",
              "versionType": "git"
            },
            {
              "lessThan": "9c4951b691bb8d7a004acd010f45144391f85ea6",
              "status": "affected",
              "version": "50d780560785b068c358675c5f0bf6c83b5c373e",
              "versionType": "git"
            },
            {
              "lessThan": "95dd33361061f808d1f68616d69ada639e737cfa",
              "status": "affected",
              "version": "50d780560785b068c358675c5f0bf6c83b5c373e",
              "versionType": "git"
            },
            {
              "lessThan": "a6e89ada1ff6b70df73f579071ffa6ade8ae7f98",
              "status": "affected",
              "version": "50d780560785b068c358675c5f0bf6c83b5c373e",
              "versionType": "git"
            },
            {
              "lessThan": "1a301228c0a8aedc3154fb1a274456f487416b96",
              "status": "affected",
              "version": "50d780560785b068c358675c5f0bf6c83b5c373e",
              "versionType": "git"
            },
            {
              "lessThan": "0fa388ab2c290ef1115ff88ae88e881d0fb2db02",
              "status": "affected",
              "version": "50d780560785b068c358675c5f0bf6c83b5c373e",
              "versionType": "git"
            },
            {
              "lessThan": "5ebea6561649d30ec7a18fea23d7f76738dae916",
              "status": "affected",
              "version": "50d780560785b068c358675c5f0bf6c83b5c373e",
              "versionType": "git"
            },
            {
              "lessThan": "9cf9aa7b0acfde7545c1a1d912576e9bab28dc6f",
              "status": "affected",
              "version": "50d780560785b068c358675c5f0bf6c83b5c373e",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "kernel/trace/trace_fprobe.c",
            "kernel/trace/trace_kprobe.c",
            "kernel/trace/trace_probe.h",
            "kernel/trace/trace_uprobe.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.33"
            },
            {
              "lessThan": "2.6.33",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.301",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.246",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.195",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.157",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.113",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.54",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.17.*",
              "status": "unaffected",
              "version": "6.17.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.18",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.301",
                  "versionStartIncluding": "2.6.33",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.246",
                  "versionStartIncluding": "2.6.33",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.195",
                  "versionStartIncluding": "2.6.33",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.157",
                  "versionStartIncluding": "2.6.33",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.113",
                  "versionStartIncluding": "2.6.33",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.54",
                  "versionStartIncluding": "2.6.33",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.17.3",
                  "versionStartIncluding": "2.6.33",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.18",
                  "versionStartIncluding": "2.6.33",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: Fix race condition in kprobe initialization causing NULL pointer dereference\n\nThere is a critical race condition in kprobe initialization that can lead to\nNULL pointer dereference and kernel crash.\n\n[1135630.084782] Unable to handle kernel paging request at virtual address 0000710a04630000\n...\n[1135630.260314] pstate: 404003c9 (nZcv DAIF +PAN -UAO)\n[1135630.269239] pc : kprobe_perf_func+0x30/0x260\n[1135630.277643] lr : kprobe_dispatcher+0x44/0x60\n[1135630.286041] sp : ffffaeff4977fa40\n[1135630.293441] x29: ffffaeff4977fa40 x28: ffffaf015340e400\n[1135630.302837] x27: 0000000000000000 x26: 0000000000000000\n[1135630.312257] x25: ffffaf029ed108a8 x24: ffffaf015340e528\n[1135630.321705] x23: ffffaeff4977fc50 x22: ffffaeff4977fc50\n[1135630.331154] x21: 0000000000000000 x20: ffffaeff4977fc50\n[1135630.340586] x19: ffffaf015340e400 x18: 0000000000000000\n[1135630.349985] x17: 0000000000000000 x16: 0000000000000000\n[1135630.359285] x15: 0000000000000000 x14: 0000000000000000\n[1135630.368445] x13: 0000000000000000 x12: 0000000000000000\n[1135630.377473] x11: 0000000000000000 x10: 0000000000000000\n[1135630.386411] x9 : 0000000000000000 x8 : 0000000000000000\n[1135630.395252] x7 : 0000000000000000 x6 : 0000000000000000\n[1135630.403963] x5 : 0000000000000000 x4 : 0000000000000000\n[1135630.412545] x3 : 0000710a04630000 x2 : 0000000000000006\n[1135630.421021] x1 : ffffaeff4977fc50 x0 : 0000710a04630000\n[1135630.429410] Call trace:\n[1135630.434828]  kprobe_perf_func+0x30/0x260\n[1135630.441661]  kprobe_dispatcher+0x44/0x60\n[1135630.448396]  aggr_pre_handler+0x70/0xc8\n[1135630.454959]  kprobe_breakpoint_handler+0x140/0x1e0\n[1135630.462435]  brk_handler+0xbc/0xd8\n[1135630.468437]  do_debug_exception+0x84/0x138\n[1135630.475074]  el1_dbg+0x18/0x8c\n[1135630.480582]  security_file_permission+0x0/0xd0\n[1135630.487426]  vfs_write+0x70/0x1c0\n[1135630.493059]  ksys_write+0x5c/0xc8\n[1135630.498638]  __arm64_sys_write+0x24/0x30\n[1135630.504821]  el0_svc_common+0x78/0x130\n[1135630.510838]  el0_svc_handler+0x38/0x78\n[1135630.516834]  el0_svc+0x8/0x1b0\n\nkernel/trace/trace_kprobe.c: 1308\n0xffff3df8995039ec \u003ckprobe_perf_func+0x2c\u003e:     ldr     x21, [x24,#120]\ninclude/linux/compiler.h: 294\n0xffff3df8995039f0 \u003ckprobe_perf_func+0x30\u003e:     ldr     x1, [x21,x0]\n\nkernel/trace/trace_kprobe.c\n1308: head = this_cpu_ptr(call-\u003eperf_events);\n1309: if (hlist_empty(head))\n1310: \treturn 0;\n\ncrash\u003e struct trace_event_call -o\nstruct trace_event_call {\n  ...\n  [120] struct hlist_head *perf_events;  //(call-\u003eperf_event)\n  ...\n}\n\ncrash\u003e struct trace_event_call ffffaf015340e528\nstruct trace_event_call {\n  ...\n  perf_events = 0xffff0ad5fa89f088, //this value is correct, but x21 = 0\n  ...\n}\n\nRace Condition Analysis:\n\nThe race occurs between kprobe activation and perf_events initialization:\n\n  CPU0                                    CPU1\n  ====                                    ====\n  perf_kprobe_init\n    perf_trace_event_init\n      tp_event-\u003eperf_events = list;(1)\n      tp_event-\u003eclass-\u003ereg (2)\u2190 KPROBE ACTIVE\n                                          Debug exception triggers\n                                          ...\n                                          kprobe_dispatcher\n                                            kprobe_perf_func (tk-\u003etp.flags \u0026 TP_FLAG_PROFILE)\n                                              head = this_cpu_ptr(call-\u003eperf_events)(3)\n                                              (perf_events is still NULL)\n\nProblem:\n1. CPU0 executes (1) assigning tp_event-\u003eperf_events = list\n2. CPU0 executes (2) enabling kprobe functionality via class-\u003ereg()\n3. CPU1 triggers and reaches kprobe_dispatcher\n4. CPU1 checks TP_FLAG_PROFILE - condition passes (step 2 completed)\n5. CPU1 calls kprobe_perf_func() and crashes at (3) because\n   call-\u003eperf_events is still NULL\n\nCPU1 sees that kprobe functionality is enabled but does not see that\nperf_events has been assigned.\n\nAdd pairing read an\n---truncated---"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-11T21:41:21.533Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/07926ce598a95de6fd874a74fb510e2ebdfd0aae"
        },
        {
          "url": "https://git.kernel.org/stable/c/9c4951b691bb8d7a004acd010f45144391f85ea6"
        },
        {
          "url": "https://git.kernel.org/stable/c/95dd33361061f808d1f68616d69ada639e737cfa"
        },
        {
          "url": "https://git.kernel.org/stable/c/a6e89ada1ff6b70df73f579071ffa6ade8ae7f98"
        },
        {
          "url": "https://git.kernel.org/stable/c/1a301228c0a8aedc3154fb1a274456f487416b96"
        },
        {
          "url": "https://git.kernel.org/stable/c/0fa388ab2c290ef1115ff88ae88e881d0fb2db02"
        },
        {
          "url": "https://git.kernel.org/stable/c/5ebea6561649d30ec7a18fea23d7f76738dae916"
        },
        {
          "url": "https://git.kernel.org/stable/c/9cf9aa7b0acfde7545c1a1d912576e9bab28dc6f"
        }
      ],
      "title": "tracing: Fix race condition in kprobe initialization causing NULL pointer dereference",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2025-40042",
    "datePublished": "2025-10-28T11:48:21.638Z",
    "dateReserved": "2025-04-16T07:20:57.154Z",
    "dateUpdated": "2026-05-11T21:41:21.533Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2025-40042",
      "date": "2026-06-08",
      "epss": "0.00063",
      "percentile": "0.19893"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-40042\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2025-10-28T12:15:38.207\",\"lastModified\":\"2025-10-30T15:05:32.197\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\ntracing: Fix race condition in kprobe initialization causing NULL pointer dereference\\n\\nThere is a critical race condition in kprobe initialization that can lead to\\nNULL pointer dereference and kernel crash.\\n\\n[1135630.084782] Unable to handle kernel paging request at virtual address 0000710a04630000\\n...\\n[1135630.260314] pstate: 404003c9 (nZcv DAIF +PAN -UAO)\\n[1135630.269239] pc : kprobe_perf_func+0x30/0x260\\n[1135630.277643] lr : kprobe_dispatcher+0x44/0x60\\n[1135630.286041] sp : ffffaeff4977fa40\\n[1135630.293441] x29: ffffaeff4977fa40 x28: ffffaf015340e400\\n[1135630.302837] x27: 0000000000000000 x26: 0000000000000000\\n[1135630.312257] x25: ffffaf029ed108a8 x24: ffffaf015340e528\\n[1135630.321705] x23: ffffaeff4977fc50 x22: ffffaeff4977fc50\\n[1135630.331154] x21: 0000000000000000 x20: ffffaeff4977fc50\\n[1135630.340586] x19: ffffaf015340e400 x18: 0000000000000000\\n[1135630.349985] x17: 0000000000000000 x16: 0000000000000000\\n[1135630.359285] x15: 0000000000000000 x14: 0000000000000000\\n[1135630.368445] x13: 0000000000000000 x12: 0000000000000000\\n[1135630.377473] x11: 0000000000000000 x10: 0000000000000000\\n[1135630.386411] x9 : 0000000000000000 x8 : 0000000000000000\\n[1135630.395252] x7 : 0000000000000000 x6 : 0000000000000000\\n[1135630.403963] x5 : 0000000000000000 x4 : 0000000000000000\\n[1135630.412545] x3 : 0000710a04630000 x2 : 0000000000000006\\n[1135630.421021] x1 : ffffaeff4977fc50 x0 : 0000710a04630000\\n[1135630.429410] Call trace:\\n[1135630.434828]  kprobe_perf_func+0x30/0x260\\n[1135630.441661]  kprobe_dispatcher+0x44/0x60\\n[1135630.448396]  aggr_pre_handler+0x70/0xc8\\n[1135630.454959]  kprobe_breakpoint_handler+0x140/0x1e0\\n[1135630.462435]  brk_handler+0xbc/0xd8\\n[1135630.468437]  do_debug_exception+0x84/0x138\\n[1135630.475074]  el1_dbg+0x18/0x8c\\n[1135630.480582]  security_file_permission+0x0/0xd0\\n[1135630.487426]  vfs_write+0x70/0x1c0\\n[1135630.493059]  ksys_write+0x5c/0xc8\\n[1135630.498638]  __arm64_sys_write+0x24/0x30\\n[1135630.504821]  el0_svc_common+0x78/0x130\\n[1135630.510838]  el0_svc_handler+0x38/0x78\\n[1135630.516834]  el0_svc+0x8/0x1b0\\n\\nkernel/trace/trace_kprobe.c: 1308\\n0xffff3df8995039ec \u003ckprobe_perf_func+0x2c\u003e:     ldr     x21, [x24,#120]\\ninclude/linux/compiler.h: 294\\n0xffff3df8995039f0 \u003ckprobe_perf_func+0x30\u003e:     ldr     x1, [x21,x0]\\n\\nkernel/trace/trace_kprobe.c\\n1308: head = this_cpu_ptr(call-\u003eperf_events);\\n1309: if (hlist_empty(head))\\n1310: \\treturn 0;\\n\\ncrash\u003e struct trace_event_call -o\\nstruct trace_event_call {\\n  ...\\n  [120] struct hlist_head *perf_events;  //(call-\u003eperf_event)\\n  ...\\n}\\n\\ncrash\u003e struct trace_event_call ffffaf015340e528\\nstruct trace_event_call {\\n  ...\\n  perf_events = 0xffff0ad5fa89f088, //this value is correct, but x21 = 0\\n  ...\\n}\\n\\nRace Condition Analysis:\\n\\nThe race occurs between kprobe activation and perf_events initialization:\\n\\n  CPU0                                    CPU1\\n  ====                                    ====\\n  perf_kprobe_init\\n    perf_trace_event_init\\n      tp_event-\u003eperf_events = list;(1)\\n      tp_event-\u003eclass-\u003ereg (2)\u2190 KPROBE ACTIVE\\n                                          Debug exception triggers\\n                                          ...\\n                                          kprobe_dispatcher\\n                                            kprobe_perf_func (tk-\u003etp.flags \u0026 TP_FLAG_PROFILE)\\n                                              head = this_cpu_ptr(call-\u003eperf_events)(3)\\n                                              (perf_events is still NULL)\\n\\nProblem:\\n1. CPU0 executes (1) assigning tp_event-\u003eperf_events = list\\n2. CPU0 executes (2) enabling kprobe functionality via class-\u003ereg()\\n3. CPU1 triggers and reaches kprobe_dispatcher\\n4. CPU1 checks TP_FLAG_PROFILE - condition passes (step 2 completed)\\n5. CPU1 calls kprobe_perf_func() and crashes at (3) because\\n   call-\u003eperf_events is still NULL\\n\\nCPU1 sees that kprobe functionality is enabled but does not see that\\nperf_events has been assigned.\\n\\nAdd pairing read an\\n---truncated---\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/07926ce598a95de6fd874a74fb510e2ebdfd0aae\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/0fa388ab2c290ef1115ff88ae88e881d0fb2db02\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/1a301228c0a8aedc3154fb1a274456f487416b96\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/5ebea6561649d30ec7a18fea23d7f76738dae916\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/95dd33361061f808d1f68616d69ada639e737cfa\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/9c4951b691bb8d7a004acd010f45144391f85ea6\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/9cf9aa7b0acfde7545c1a1d912576e9bab28dc6f\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/a6e89ada1ff6b70df73f579071ffa6ade8ae7f98\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.





Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.


Detection rules are retrieved from Rulezet.