CVE-2025-68798

Source
https://cve.org/CVERecord?id=CVE-2025-68798
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-68798.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-68798
Downstream
Related
Published
2026-01-13T15:29:08.329Z
Modified
2026-03-12T04:31:56.808819Z
Summary
perf/x86/amd: Check event before enable to avoid GPF
Details

In the Linux kernel, the following vulnerability has been resolved:

perf/x86/amd: Check event before enable to avoid GPF

On AMD machines cpuc->events[idx] can become NULL in a subtle race condition with NMI->throttle->x86_pmu_stop().

Check event for NULL in amd_pmu_enable_all() before enable to avoid a GPF. This appears to be an AMD only issue.

Syzkaller reported a GPF in amd_pmu_enable_all.

INFO: NMI handler (perf_event_nmi_handler) took too long to run: 13.143 msecs
Oops: general protection fault, probably for non-canonical address 0xdffffc0000000034: 0000 PREEMPT SMP KASAN NOPTI
KASAN: null-ptr-deref in range [0x00000000000001a0-0x00000000000001a7]
CPU: 0 UID: 0 PID: 328415 Comm: repro36674776 Not tainted 6.12.0-rc1-syzk
RIP: 0010:x86_pmu_enable_event (arch/x86/events/perf_event.h:1195 arch/x86/events/core.c:1430)
RSP: 0018:ffff888118009d60 EFLAGS: 00010012
RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 0000000000000000
RDX: 0000000000000034 RSI: 0000000000000000 RDI: 00000000000001a0
RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000002
R13: ffff88811802a440 R14: ffff88811802a240 R15: ffff8881132d8601
FS: 00007f097dfaa700(0000) GS:ffff888118000000(0000) GS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00000000200001c0 CR3: 0000000103d56000 CR4: 00000000000006f0
Call Trace:
<IRQ>
amd_pmu_enable_all (arch/x86/events/amd/core.c:760 (discriminator 2))
x86_pmu_enable (arch/x86/events/core.c:1360)
event_sched_out (kernel/events/core.c:1191 kernel/events/core.c:1186 kernel/events/core.c:2346)
__perf_remove_from_context (kernel/events/core.c:2435)
event_function (kernel/events/core.c:259)
remote_function (kernel/events/core.c:92 (discriminator 1) kernel/events/core.c:72 (discriminator 1))
__flush_smp_call_function_queue (./arch/x86/include/asm/jump_label.h:27 ./include/linux/jump_label.h:207 ./include/trace/events/csd.h:64 kernel/smp.c:135 kernel/smp.c:540)
__sysvec_call_function_single (./arch/x86/include/asm/jump_label.h:27 ./include/linux/jump_label.h:207 ./arch/x86/include/asm/trace/irq_vectors.h:99 arch/x86/kernel/smp.c:272)
sysvec_call_function_single (arch/x86/kernel/smp.c:266 (discriminator 47) arch/x86/kernel/smp.c:266 (discriminator 47))
</IRQ>

Database specific
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/68xxx/CVE-2025-68798.json"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
ada543459cab7f653dcacdaba4011a8bb19c627c
Fixed
49324a0c40f7e9bae1bd0362d23fc42232e14621
Fixed
6e41d9ec8d7cc3f01b9ba785e05f0ebef8b3b37f
Fixed
e1028fb38b328084bc683a4efb001c95d3108573
Fixed
43c2e5c2acaae50e99d1c20a5a46e367c442fb3b
Fixed
866cf36bfee4fba6a492d2dcc5133f857e3446b0

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-68798.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
5.19.0
Fixed
6.1.160
Type
ECOSYSTEM
Events
Introduced
6.2.0
Fixed
6.6.120
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.12.64
Type
ECOSYSTEM
Events
Introduced
6.13.0
Fixed
6.18.3

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-68798.json"