CVE-2025-40359
- Source
- https://cve.org/CVERecord?id=CVE-2025-40359
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-40359.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2025-40359
- Downstream
- Related
- Published
- 2025-12-16T13:39:58.778Z
- Modified
- 2026-03-20T12:43:16.564788Z
- Summary
- perf/x86/intel: Fix KASAN global-out-of-bounds warning
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
perf/x86/intel: Fix KASAN global-out-of-bounds warning
When running "perf mem record" command on CWF, the below KASAN global-out-of-bounds warning is seen.
================================================================== BUG: KASAN: global-out-of-bounds in cmtlatencydata+0x176/0x1b0 Read of size 4 at addr ffffffffb721d000 by task dtlb/9850
Call Trace:
kasanreport+0xb8/0xf0 cmtlatencydata+0x176/0x1b0 setuparchpebssampledata+0xf49/0x2560 intelpmudrainarchpebs+0x577/0xb00 handlepmi_common+0x6c4/0xc80
The issue is caused by below code in __grtlatencydata(). The code tries to access x86hybridpmu structure which doesn't exist on non-hybrid platform like CWF.
WARN_ON_ONCE(hybrid_pmu(event->pmu)->pmu_type == hybrid_big)So add ishybrid() check before calling this WARNON_ONCE to fix the global-out-of-bounds access issue.
- Database specific
{ "cna_assigner": "Linux", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/40xxx/CVE-2025-40359.json" }- References
-
- https://git.kernel.org/stable/c/0ba6502ce167fc3d598c08c2cc3b4ed7ca5aa251
- https://git.kernel.org/stable/c/1b61a1da3d8105ea1be548c94c2856697eb7ffd1
- https://git.kernel.org/stable/c/710a72e81a7028e1ad1a10eb14f941f8dd45ffd3
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/40xxx/CVE-2025-40359.json
- https://nvd.nist.gov/vuln/detail/CVE-2025-40359
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git