CVE-2025-21895 (GCVE-0-2025-21895)
Vulnerability from cvelistv5
Published
2025-04-01 15:26
Modified
2025-05-04 07:23
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved: perf/core: Order the PMU list to fix warning about unordered pmu_ctx_list Syskaller triggers a warning due to prev_epc->pmu != next_epc->pmu in perf_event_swap_task_ctx_data(). vmcore shows that two lists have the same perf_event_pmu_context, but not in the same order. The problem is that the order of pmu_ctx_list for the parent is impacted by the time when an event/PMU is added. While the order for a child is impacted by the event order in the pinned_groups and flexible_groups. So the order of pmu_ctx_list in the parent and child may be different. To fix this problem, insert the perf_event_pmu_context to its proper place after iteration of the pmu_ctx_list. The follow testcase can trigger above warning: # perf record -e cycles --call-graph lbr -- taskset -c 3 ./a.out & # perf stat -e cpu-clock,cs -p xxx // xxx is the pid of a.out test.c void main() { int count = 0; pid_t pid; printf("%d running\n", getpid()); sleep(30); printf("running\n"); pid = fork(); if (pid == -1) { printf("fork error\n"); return; } if (pid == 0) { while (1) { count++; } } else { while (1) { count++; } } } The testcase first opens an LBR event, so it will allocate task_ctx_data, and then open tracepoint and software events, so the parent context will have 3 different perf_event_pmu_contexts. On inheritance, child ctx will insert the perf_event_pmu_context in another order and the warning will trigger. [ mingo: Tidied up the changelog. ]
References
Impacted products
Vendor Product Version
Linux Linux Version: bd27568117664b8b3e259721393df420ed51f57b
Version: bd27568117664b8b3e259721393df420ed51f57b
Version: bd27568117664b8b3e259721393df420ed51f57b
Version: bd27568117664b8b3e259721393df420ed51f57b
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "kernel/events/core.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "f0c3971405cef6892844016aa710121a02da3a23",
              "status": "affected",
              "version": "bd27568117664b8b3e259721393df420ed51f57b",
              "versionType": "git"
            },
            {
              "lessThan": "7d582eb6e4e100959ba07083d7563453c8c2a343",
              "status": "affected",
              "version": "bd27568117664b8b3e259721393df420ed51f57b",
              "versionType": "git"
            },
            {
              "lessThan": "3e812a70732d84b7873cea61a7f6349b9a9dcbf5",
              "status": "affected",
              "version": "bd27568117664b8b3e259721393df420ed51f57b",
              "versionType": "git"
            },
            {
              "lessThan": "2016066c66192a99d9e0ebf433789c490a6785a2",
              "status": "affected",
              "version": "bd27568117664b8b3e259721393df420ed51f57b",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "kernel/events/core.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.2"
            },
            {
              "lessThan": "6.2",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.81",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.18",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.13.*",
              "status": "unaffected",
              "version": "6.13.6",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.14",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.81",
                  "versionStartIncluding": "6.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.18",
                  "versionStartIncluding": "6.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.13.6",
                  "versionStartIncluding": "6.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.14",
                  "versionStartIncluding": "6.2",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nperf/core: Order the PMU list to fix warning about unordered pmu_ctx_list\n\nSyskaller triggers a warning due to prev_epc-\u003epmu != next_epc-\u003epmu in\nperf_event_swap_task_ctx_data(). vmcore shows that two lists have the same\nperf_event_pmu_context, but not in the same order.\n\nThe problem is that the order of pmu_ctx_list for the parent is impacted by\nthe time when an event/PMU is added. While the order for a child is\nimpacted by the event order in the pinned_groups and flexible_groups. So\nthe order of pmu_ctx_list in the parent and child may be different.\n\nTo fix this problem, insert the perf_event_pmu_context to its proper place\nafter iteration of the pmu_ctx_list.\n\nThe follow testcase can trigger above warning:\n\n # perf record -e cycles --call-graph lbr -- taskset -c 3 ./a.out \u0026\n # perf stat -e cpu-clock,cs -p xxx // xxx is the pid of a.out\n\n test.c\n\n void main() {\n        int count = 0;\n        pid_t pid;\n\n        printf(\"%d running\\n\", getpid());\n        sleep(30);\n        printf(\"running\\n\");\n\n        pid = fork();\n        if (pid == -1) {\n                printf(\"fork error\\n\");\n                return;\n        }\n        if (pid == 0) {\n                while (1) {\n                        count++;\n                }\n        } else {\n                while (1) {\n                        count++;\n                }\n        }\n }\n\nThe testcase first opens an LBR event, so it will allocate task_ctx_data,\nand then open tracepoint and software events, so the parent context will\nhave 3 different perf_event_pmu_contexts. On inheritance, child ctx will\ninsert the perf_event_pmu_context in another order and the warning will\ntrigger.\n\n[ mingo: Tidied up the changelog. ]"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T07:23:42.762Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/f0c3971405cef6892844016aa710121a02da3a23"
        },
        {
          "url": "https://git.kernel.org/stable/c/7d582eb6e4e100959ba07083d7563453c8c2a343"
        },
        {
          "url": "https://git.kernel.org/stable/c/3e812a70732d84b7873cea61a7f6349b9a9dcbf5"
        },
        {
          "url": "https://git.kernel.org/stable/c/2016066c66192a99d9e0ebf433789c490a6785a2"
        }
      ],
      "title": "perf/core: Order the PMU list to fix warning about unordered pmu_ctx_list",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2025-21895",
    "datePublished": "2025-04-01T15:26:48.607Z",
    "dateReserved": "2024-12-29T08:45:45.783Z",
    "dateUpdated": "2025-05-04T07:23:42.762Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-21895\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2025-04-01T16:15:19.883\",\"lastModified\":\"2025-04-01T20:26:01.990\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nperf/core: Order the PMU list to fix warning about unordered pmu_ctx_list\\n\\nSyskaller triggers a warning due to prev_epc-\u003epmu != next_epc-\u003epmu in\\nperf_event_swap_task_ctx_data(). vmcore shows that two lists have the same\\nperf_event_pmu_context, but not in the same order.\\n\\nThe problem is that the order of pmu_ctx_list for the parent is impacted by\\nthe time when an event/PMU is added. While the order for a child is\\nimpacted by the event order in the pinned_groups and flexible_groups. So\\nthe order of pmu_ctx_list in the parent and child may be different.\\n\\nTo fix this problem, insert the perf_event_pmu_context to its proper place\\nafter iteration of the pmu_ctx_list.\\n\\nThe follow testcase can trigger above warning:\\n\\n # perf record -e cycles --call-graph lbr -- taskset -c 3 ./a.out \u0026\\n # perf stat -e cpu-clock,cs -p xxx // xxx is the pid of a.out\\n\\n test.c\\n\\n void main() {\\n        int count = 0;\\n        pid_t pid;\\n\\n        printf(\\\"%d running\\\\n\\\", getpid());\\n        sleep(30);\\n        printf(\\\"running\\\\n\\\");\\n\\n        pid = fork();\\n        if (pid == -1) {\\n                printf(\\\"fork error\\\\n\\\");\\n                return;\\n        }\\n        if (pid == 0) {\\n                while (1) {\\n                        count++;\\n                }\\n        } else {\\n                while (1) {\\n                        count++;\\n                }\\n        }\\n }\\n\\nThe testcase first opens an LBR event, so it will allocate task_ctx_data,\\nand then open tracepoint and software events, so the parent context will\\nhave 3 different perf_event_pmu_contexts. On inheritance, child ctx will\\ninsert the perf_event_pmu_context in another order and the warning will\\ntrigger.\\n\\n[ mingo: Tidied up the changelog. ]\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/2016066c66192a99d9e0ebf433789c490a6785a2\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/3e812a70732d84b7873cea61a7f6349b9a9dcbf5\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/7d582eb6e4e100959ba07083d7563453c8c2a343\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/f0c3971405cef6892844016aa710121a02da3a23\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.