CVE-2025-68375

Source
https://cve.org/CVERecord?id=CVE-2025-68375
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-68375.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-68375
Downstream
Related
Published
2025-12-24T10:33:04.819Z
Modified
2026-03-12T04:31:49.826492Z
Summary
perf/x86: Fix NULL event access and potential PEBS record loss
Details

In the Linux kernel, the following vulnerability has been resolved:

perf/x86: Fix NULL event access and potential PEBS record loss

When intel_pmu_drain_pebs_icl() is called to drain PEBS records, the perf_event_overflow() could be called to process the last PEBS record.

While perf_event_overflow() could trigger the interrupt throttle and stop all events of the group, like what the below call-chain shows.

perf_event_overflow() -> __perf_event_overflow() ->__perf_event_account_interrupt() -> perf_event_throttle_group() -> perf_event_throttle() -> event->pmu->stop() -> x86_pmu_stop()

The side effect of stopping the events is that all corresponding event pointers in cpuc->events[] array are cleared to NULL.

Assume there are two PEBS events (event a and event b) in a group. When intel_pmu_drain_pebs_icl() calls perf_event_overflow() to process the last PEBS record of PEBS event a, interrupt throttle is triggered and all pointers of event a and event b are cleared to NULL. Then intel_pmu_drain_pebs_icl() tries to process the last PEBS record of event b and encounters NULL pointer access.

To avoid this issue, move cpuc->events[] clearing from x86_pmu_stop() to x86_pmu_del(). It's safe since cpuc->active_mask or cpuc->pebs_enabled is always checked before access the event pointer from cpuc->events[].
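
The two-event scenario above, as a small user-space model added to this record for illustration (it is not kernel code and not part of the upstream commit). All `model_*` names, `run_scenario()` and the `pending` bitmap are assumptions that stand in for the kernel structures; `clear_in_stop` switches between the pre-fix and post-fix behaviour of the stop path.

```c
#include <stddef.h>

#define NUM_CTRS 2                 /* event a = slot 0, event b = slot 1 */

struct model_event { int records_seen; };   /* stand-in for struct perf_event */

struct model_cpuc {                         /* stand-in for cpuc */
    struct model_event *events[NUM_CTRS];
    unsigned long active_mask;
};

/* Stop one counter. clear_in_stop=1 models the behaviour before the fix;
 * with 0 the pointer stays valid until the event is deleted. */
static void model_stop(struct model_cpuc *c, int idx, int clear_in_stop)
{
    c->active_mask &= ~(1UL << idx);
    if (clear_in_stop)
        c->events[idx] = NULL;
}

/* Overflow handling that hits the throttle and stops the whole group. */
static void model_overflow(struct model_cpuc *c, struct model_event *e,
                           int clear_in_stop)
{
    e->records_seen++;
    for (int i = 0; i < NUM_CTRS; i++)
        model_stop(c, i, clear_in_stop);
}

/* Drain the last record of every counter set in `pending` (constructed input).
 * Returns the slot whose pointer was NULL (the kernel would fault), or -1. */
static int model_drain(struct model_cpuc *c, unsigned long pending,
                       int clear_in_stop)
{
    for (int i = 0; i < NUM_CTRS; i++) {
        if (!(pending & (1UL << i)))
            continue;
        if (!c->events[i])
            return i;
        model_overflow(c, c->events[i], clear_in_stop);
    }
    return -1;
}

/* Run the two-event scenario; *b_records receives event b's record count. */
int run_scenario(int clear_in_stop, int *b_records)
{
    struct model_event a = {0}, b = {0};
    struct model_cpuc c = { { &a, &b }, 0x3 };
    int bad_slot = model_drain(&c, 0x3, clear_in_stop);
    *b_records = b.records_seen;
    return bad_slot;
}
```

With `clear_in_stop` set, the drain reaches slot 1 with a NULL pointer and event b's last record is never processed; with it cleared, both records are processed.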

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/68xxx/CVE-2025-68375.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
9734e25fbf5ae68eb04234b2cd14a4b36ab89141
Fixed
cf69b99805c263117305ac6dffbc85aaf9259d32
Fixed
6b089028bff1f2ff9e0c62b8f1faca1a620e5d6e
Fixed
7e772a93eb61cb6265bdd1c5bde17d0f2718b452

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-68375.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.16.0
Fixed
6.17.13
Type
ECOSYSTEM
Events
Introduced
6.18.0
Fixed
6.18.2

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-68375.json"