CVE-2022-50118

18.06.2025, 11:15

In the Linux kernel, the following vulnerability has been resolved:

powerpc/perf: Optimize clearing the pending PMI and remove WARN_ON for PMI check in power_pmu_disable

commit 2c9ac51b850d ("powerpc/perf: Fix PMU callbacks to clear
pending PMI before resetting an overflown PMC") added a new
function "pmi_irq_pending" in hw_irq.h. This function is to check
if there is a PMI marked as pending in Paca (PACA_IRQ_PMI).This is
used in power_pmu_disable in a WARN_ON. The intention here is to
provide a warning if there is PMI pending, but no counter is found
overflown.

During some of the perf runs, below warning is hit:

WARNING: CPU: 36 PID: 0 at arch/powerpc/perf/core-book3s.c:1332 power_pmu_disable+0x25c/0x2c0
 Modules linked in:
 -----

 NIP [c000000000141c3c] power_pmu_disable+0x25c/0x2c0
 LR [c000000000141c8c] power_pmu_disable+0x2ac/0x2c0
 Call Trace:
 [c000000baffcfb90] [c000000000141c8c] power_pmu_disable+0x2ac/0x2c0 (unreliable)
 [c000000baffcfc10] [c0000000003e2f8c] perf_pmu_disable+0x4c/0x60
 [c000000baffcfc30] [c0000000003e3344] group_sched_out.part.124+0x44/0x100
 [c000000baffcfc80] [c0000000003e353c] __perf_event_disable+0x13c/0x240
 [c000000baffcfcd0] [c0000000003dd334] event_function+0xc4/0x140
 [c000000baffcfd20] [c0000000003d855c] remote_function+0x7c/0xa0
 [c000000baffcfd50] [c00000000026c394] flush_smp_call_function_queue+0xd4/0x300
 [c000000baffcfde0] [c000000000065b24] smp_ipi_demux_relaxed+0xa4/0x100
 [c000000baffcfe20] [c0000000000cb2b0] xive_muxed_ipi_action+0x20/0x40
 [c000000baffcfe40] [c000000000207c3c] __handle_irq_event_percpu+0x8c/0x250
 [c000000baffcfee0] [c000000000207e2c] handle_irq_event_percpu+0x2c/0xa0
 [c000000baffcff10] [c000000000210a04] handle_percpu_irq+0x84/0xc0
 [c000000baffcff40] [c000000000205f14] generic_handle_irq+0x54/0x80
 [c000000baffcff60] [c000000000015740] __do_irq+0x90/0x1d0
 [c000000baffcff90] [c000000000016990] __do_IRQ+0xc0/0x140
 [c0000009732f3940] [c000000bafceaca8] 0xc000000bafceaca8
 [c0000009732f39d0] [c000000000016b78] do_IRQ+0x168/0x1c0
 [c0000009732f3a00] [c0000000000090c8] hardware_interrupt_common_virt+0x218/0x220

This means that there is no PMC overflown among the active events
in the PMU, but there is a PMU pending in Paca. The function
"any_pmc_overflown" checks the PMCs on active events in
cpuhw->n_events. Code snippet:

<<>>
if (any_pmc_overflown(cpuhw))
 	clear_pmi_irq_pending();
 else
 	WARN_ON(pmi_irq_pending());
<<>>

Here the PMC overflown is not from active event. Example: When we do
perf record, default cycles and instructions will be running on PMC6
and PMC5 respectively. It could happen that overflowed event is currently
not active and pending PMI is for the inactive event. Debug logs from
trace_printk:

<<>>
any_pmc_overflown: idx is 5: pmc value is 0xd9a
power_pmu_disable: PMC1: 0x0, PMC2: 0x0, PMC3: 0x0, PMC4: 0x0, PMC5: 0xd9a, PMC6: 0x80002011
<<>>

Here active PMC (from idx) is PMC5 , but overflown PMC is PMC6(0x80002011).
When we handle PMI interrupt for such cases, if the PMC overflown is
from inactive event, it will be ignored. Reference commit:
commit bc09c219b2e6 ("powerpc/perf: Fix finding overflowed PMC in interrupt")

Patch addresses two changes:
1) Fix 1 : Removal of warning ( WARN_ON(pmi_irq_pending()); )
   We were printing warning if no PMC is found overflown among active PMU
   events, but PMI pending in PACA. But this could happen in cases where
   PMC overflown is not in active PMC. An inactive event could have caused
   the overflow. Hence the warning is not needed. To know pending PMI is
   from an inactive event, we need to loop through all PMC's which will
   cause more SPR reads via mfspr and increase in context switch. Also in
   existing function: perf_event_interrupt, already we ignore PMI's
   overflown when it is from an inactive PMC.

2) Fix 2: optimization in clearing pending PMI.
   Currently we check for any active PMC overflown before clearing PMI
   pending in Paca. This is causing additional SP
---truncated---

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	UNKNOWN				---
Linux	CNA	---				---

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: 2%

Debian Releases

Debian Product

Codename

linux

bullseye	5.10.223-1 fixed
bullseye (security)	5.10.237-1 fixed
bookworm	6.1.137-1 fixed
bookworm (security)	6.1.140-1 fixed
trixie (security)	6.12.31-1 fixed
sid	6.12.32-1 fixed
trixie	6.12.32-1 fixed

Ubuntu Releases

Ubuntu Product

Codename

linux

plucky	needs-triage
oracular	needs-triage
noble	needs-triage
jammy	needs-triage
focal	needs-triage
bionic	needs-triage
xenial	needs-triage
trusty	needs-triage

linux-allwinner-5.19

plucky	dne
oracular	dne
noble	dne
jammy	ignored

linux-aws

plucky	needs-triage
oracular	needs-triage
noble	needs-triage
jammy	needs-triage
focal	needs-triage
bionic	needs-triage
xenial	needs-triage
trusty	needs-triage

linux-aws-5.0

plucky	dne
oracular	dne
noble	dne
jammy	dne
bionic	ignored

linux-aws-5.11

plucky	dne
oracular	dne
noble	dne
jammy	dne
focal	ignored

linux-aws-5.13

plucky	dne
oracular	dne
noble	dne
jammy	dne
focal	ignored

linux-aws-5.15

plucky	dne
oracular	dne
noble	dne
jammy	dne
focal	needs-triage

linux-aws-5.19

plucky	dne
oracular	dne
noble	dne
jammy	ignored

linux-aws-5.3

plucky	dne
oracular	dne
noble	dne
jammy	dne
bionic	ignored

linux-aws-5.4

plucky	dne
oracular	dne
noble	dne
jammy	dne
bionic	needs-triage

linux-aws-5.8

plucky	dne
oracular	dne
noble	dne
jammy	dne
focal	ignored

linux-aws-6.2

plucky	dne
oracular	dne
noble	dne
jammy	ignored

linux-aws-6.5

plucky	dne
oracular	dne
noble	dne
jammy	ignored

linux-aws-6.8

plucky	dne
oracular	dne
noble	dne
jammy	needs-triage

linux-aws-fips

plucky	dne
oracular	dne
noble	dne
jammy	needs-triage
focal	needs-triage
bionic	needs-triage

linux-aws-hwe

plucky	dne
oracular	dne
noble	dne
jammy	dne
xenial	needs-triage

linux-azure

plucky	needs-triage
oracular	needs-triage
noble	needs-triage
jammy	needs-triage
focal	needs-triage
bionic	ignored
xenial	needs-triage
trusty	needs-triage

linux-azure-4.15

plucky	dne
oracular	dne
noble	dne
jammy	dne
bionic	needs-triage

linux-azure-5.11

plucky	dne
oracular	dne
noble	dne
jammy	dne
focal	ignored

linux-azure-5.13

plucky	dne
oracular	dne
noble	dne
jammy	dne
focal	ignored

linux-azure-5.15

plucky	dne
oracular	dne
noble	dne
jammy	dne
focal	needs-triage

linux-azure-5.19

plucky	dne
oracular	dne
noble	dne
jammy	ignored

linux-azure-5.3

plucky	dne
oracular	dne
noble	dne
jammy	dne
bionic	ignored

linux-azure-5.4

plucky	dne
oracular	dne
noble	dne
jammy	dne
bionic	needs-triage

linux-azure-5.8

plucky	dne
oracular	dne
noble	dne
jammy	dne
focal	ignored

linux-azure-6.11

plucky	dne
oracular	dne
noble	needs-triage
jammy	dne

linux-azure-6.2

plucky	dne
oracular	dne
noble	dne
jammy	ignored

linux-azure-6.5

plucky	dne
oracular	dne
noble	dne
jammy	ignored

linux-azure-6.8

plucky	dne
oracular	dne
noble	dne
jammy	needs-triage

linux-azure-edge

plucky	dne
oracular	dne
noble	dne
jammy	dne
bionic	ignored

linux-azure-fde

plucky	dne
oracular	dne
noble	dne
jammy	needs-triage
focal	ignored

linux-azure-fde-5.15

plucky	dne
oracular	dne
noble	dne
jammy	dne
focal	needs-triage

linux-azure-fde-5.19

plucky	dne
oracular	dne
noble	dne
jammy	ignored

linux-azure-fde-6.2

plucky	dne
oracular	dne
noble	dne
jammy	ignored

linux-azure-fips

plucky	dne
oracular	dne
noble	dne
jammy	needs-triage
focal	needs-triage
bionic	needs-triage

linux-azure-nvidia

plucky	dne
oracular	dne
noble	needs-triage
jammy	dne

linux-bluefield

plucky	dne
oracular	dne
noble	dne
jammy	dne
focal	needs-triage

linux-fips

plucky	dne
oracular	dne
noble	dne
jammy	needs-triage
focal	needs-triage
bionic	needs-triage
xenial	needs-triage

linux-gcp

plucky	needs-triage
oracular	needs-triage
noble	needs-triage
jammy	needs-triage
focal	needs-triage
bionic	ignored
xenial	needs-triage

linux-gcp-4.15

plucky	dne
oracular	dne
noble	dne
jammy	dne
bionic	needs-triage

linux-gcp-5.11

plucky	dne
oracular	dne
noble	dne
jammy	dne
focal	ignored

linux-gcp-5.13

plucky	dne
oracular	dne
noble	dne
jammy	dne
focal	ignored

linux-gcp-5.15

plucky	dne
oracular	dne
noble	dne
jammy	dne
focal	needs-triage

linux-gcp-5.19

plucky	dne
oracular	dne
noble	dne
jammy	ignored

linux-gcp-5.3

plucky	dne
oracular	dne
noble	dne
jammy	dne
bionic	ignored

linux-gcp-5.4

plucky	dne
oracular	dne
noble	dne
jammy	dne
bionic	needs-triage

linux-gcp-5.8

plucky	dne
oracular	dne
noble	dne
jammy	dne
focal	ignored

linux-gcp-6.11

plucky	dne
oracular	dne
noble	needs-triage
jammy	dne

linux-gcp-6.2

plucky	dne
oracular	dne
noble	dne
jammy	ignored

linux-gcp-6.5

plucky	dne
oracular	dne
noble	dne
jammy	ignored

linux-gcp-6.8

plucky	dne
oracular	dne
noble	dne
jammy	needs-triage

linux-gcp-fips

plucky	dne
oracular	dne
noble	dne
jammy	needs-triage
focal	needs-triage
bionic	needs-triage

linux-gke

plucky	dne
oracular	dne
noble	needs-triage
jammy	needs-triage
focal	ignored

linux-gke-4.15

plucky	dne
oracular	dne
noble	dne
jammy	dne
bionic	ignored

linux-gke-5.15

plucky	dne
oracular	dne
noble	dne
jammy	dne
focal	ignored

linux-gke-5.4

plucky	dne
oracular	dne
noble	dne
jammy	dne
bionic	ignored

linux-gkeop

plucky	dne
oracular	dne
noble	needs-triage
jammy	needs-triage
focal	ignored

linux-gkeop-5.15

plucky	dne
oracular	dne
noble	dne
jammy	dne
focal	ignored

linux-gkeop-5.4

plucky	dne
oracular	dne
noble	dne
jammy	dne
bionic	ignored

linux-hwe

plucky	dne
oracular	dne
noble	dne
jammy	dne
bionic	ignored
xenial	needs-triage

linux-hwe-5.11

plucky	dne
oracular	dne
noble	dne
jammy	dne
focal	ignored

linux-hwe-5.13

plucky	dne
oracular	dne
noble	dne
jammy	dne
focal	ignored

linux-hwe-5.15

plucky	dne
oracular	dne
noble	dne
jammy	dne
focal	needs-triage

linux-hwe-5.19

plucky	dne
oracular	dne
noble	dne
jammy	ignored

linux-hwe-5.4

plucky	dne
oracular	dne
noble	dne
jammy	dne
bionic	needs-triage

linux-hwe-5.8

plucky	dne
oracular	dne
noble	dne
jammy	dne
focal	ignored

linux-hwe-6.11

plucky	dne
oracular	dne
noble	needs-triage
jammy	dne

linux-hwe-6.2

plucky	dne
oracular	dne
noble	dne
jammy	ignored

linux-hwe-6.5

plucky	dne
oracular	dne
noble	dne
jammy	ignored

linux-hwe-6.8

plucky	dne
oracular	dne
noble	dne
jammy	needs-triage

linux-hwe-edge

plucky	dne
oracular	dne
noble	dne
jammy	dne
bionic	ignored
xenial	ignored

linux-ibm

plucky	dne
oracular	dne
noble	needs-triage
jammy	needs-triage
focal	needs-triage

linux-ibm-5.15

plucky	dne
oracular	dne
noble	dne
jammy	dne
focal	needs-triage

linux-ibm-5.4

plucky	dne
oracular	dne
noble	dne
jammy	dne
bionic	needs-triage

linux-intel-5.13

plucky	dne
oracular	dne
noble	dne
jammy	dne
focal	ignored

linux-intel-iot-realtime

plucky	dne
oracular	dne
noble	dne
jammy	needs-triage

linux-intel-iotg

plucky	dne
oracular	dne
noble	dne
jammy	needs-triage

linux-intel-iotg-5.15

plucky	dne
oracular	dne
noble	dne
jammy	dne
focal	needs-triage

linux-iot

plucky	dne
oracular	dne
noble	dne
jammy	dne
focal	needs-triage

linux-kvm

plucky	dne
oracular	dne
noble	dne
jammy	needs-triage
focal	needs-triage
bionic	needs-triage
xenial	needs-triage

linux-lowlatency

plucky	dne
oracular	needs-triage
noble	needs-triage
jammy	needs-triage

linux-lowlatency-hwe-5.15

plucky	dne
oracular	dne
noble	dne
jammy	dne
focal	needs-triage

linux-lowlatency-hwe-5.19

plucky	dne
oracular	dne
noble	dne
jammy	ignored

linux-lowlatency-hwe-6.11

plucky	dne
oracular	dne
noble	needs-triage
jammy	dne

linux-lowlatency-hwe-6.2

plucky	dne
oracular	dne
noble	dne
jammy	ignored

linux-lowlatency-hwe-6.5

plucky	dne
oracular	dne
noble	dne
jammy	ignored

linux-lowlatency-hwe-6.8

plucky	dne
oracular	dne
noble	dne
jammy	needs-triage

linux-lts-xenial

plucky	dne
oracular	dne
noble	dne
jammy	dne
trusty	needs-triage

linux-nvidia

plucky	dne
oracular	dne
noble	needs-triage
jammy	needs-triage

linux-nvidia-6.2

plucky	dne
oracular	dne
noble	dne
jammy	ignored

linux-nvidia-6.5

plucky	dne
oracular	dne
noble	dne
jammy	ignored

linux-nvidia-6.8

plucky	dne
oracular	dne
noble	dne
jammy	needs-triage

linux-nvidia-lowlatency

plucky	dne
oracular	dne
noble	needs-triage
jammy	dne

linux-nvidia-tegra

plucky	dne
oracular	dne
noble	needs-triage
jammy	needs-triage

linux-nvidia-tegra-5.15

plucky	dne
oracular	dne
noble	dne
jammy	dne
focal	needs-triage

linux-nvidia-tegra-igx

plucky	dne
oracular	dne
noble	dne
jammy	needs-triage

linux-oem

plucky	dne
oracular	dne
noble	dne
jammy	dne
bionic	ignored

linux-oem-5.10

plucky	dne
oracular	dne
noble	dne
jammy	dne
focal	ignored

linux-oem-5.13

plucky	dne
oracular	dne
noble	dne
jammy	dne
focal	ignored

linux-oem-5.14

plucky	dne
oracular	dne
noble	dne
jammy	dne
focal	ignored

linux-oem-5.17

plucky	dne
oracular	dne
noble	dne
jammy	ignored

linux-oem-5.6

plucky	dne
oracular	dne
noble	dne
jammy	dne
focal	ignored

linux-oem-6.0

plucky	dne
oracular	dne
noble	dne
jammy	ignored

linux-oem-6.1

plucky	dne
oracular	dne
noble	dne
jammy	ignored

linux-oem-6.11

plucky	dne
oracular	dne
noble	needs-triage
jammy	dne

linux-oem-6.14

plucky	dne
oracular	dne
noble	needs-triage
jammy	dne

linux-oem-6.5

plucky	dne
oracular	dne
noble	dne
jammy	ignored

linux-oem-6.8

plucky	dne
oracular	dne
noble	needs-triage
jammy	dne

linux-oracle

plucky	needs-triage
oracular	needs-triage
noble	needs-triage
jammy	needs-triage
focal	needs-triage
bionic	needs-triage
xenial	needs-triage

linux-oracle-5.0

plucky	dne
oracular	dne
noble	dne
jammy	dne
bionic	ignored

linux-oracle-5.11

plucky	dne
oracular	dne
noble	dne
jammy	dne
focal	ignored

linux-oracle-5.13

plucky	dne
oracular	dne
noble	dne
jammy	dne
focal	ignored

linux-oracle-5.15

plucky	dne
oracular	dne
noble	dne
jammy	dne
focal	needs-triage

linux-oracle-5.3

plucky	dne
oracular	dne
noble	dne
jammy	dne
bionic	ignored

linux-oracle-5.4

plucky	dne
oracular	dne
noble	dne
jammy	dne
bionic	needs-triage

linux-oracle-5.8

plucky	dne
oracular	dne
noble	dne
jammy	dne
focal	ignored

linux-oracle-6.5

plucky	dne
oracular	dne
noble	dne
jammy	ignored

linux-oracle-6.8

plucky	dne
oracular	dne
noble	dne
jammy	needs-triage

linux-raspi

plucky	needs-triage
oracular	needs-triage
noble	needs-triage
jammy	needs-triage
focal	needs-triage

linux-raspi-5.4

plucky	dne
oracular	dne
noble	dne
jammy	dne
bionic	needs-triage

linux-raspi-realtime

plucky	dne
oracular	dne
noble	needs-triage
jammy	dne

linux-raspi2

plucky	dne
oracular	dne
noble	dne
jammy	dne
focal	ignored

linux-realtime

plucky	needs-triage
oracular	needs-triage
noble	needs-triage
jammy	needs-triage

linux-riscv

plucky	needs-triage
oracular	needs-triage
noble	needs-triage
jammy	ignored
focal	ignored

linux-riscv-5.11

plucky	dne
oracular	dne
noble	dne
jammy	dne
focal	ignored

linux-riscv-5.15

plucky	dne
oracular	dne
noble	dne
jammy	dne
focal	needs-triage

linux-riscv-5.19

plucky	dne
oracular	dne
noble	dne
jammy	ignored

linux-riscv-5.8

plucky	dne
oracular	dne
noble	dne
jammy	dne
focal	ignored

linux-riscv-6.5

plucky	dne
oracular	dne
noble	dne
jammy	ignored

linux-riscv-6.8

plucky	dne
oracular	dne
noble	dne
jammy	needs-triage

linux-starfive-5.19

plucky	dne
oracular	dne
noble	dne
jammy	ignored

linux-starfive-6.2

plucky	dne
oracular	dne
noble	dne
jammy	ignored

linux-starfive-6.5

plucky	dne
oracular	dne
noble	dne
jammy	ignored

linux-xilinx-zynqmp

plucky	dne
oracular	dne
noble	dne
jammy	needs-triage
focal	needs-triage

Vulnerability Media Exposure

[GERMAN] Linux Kernel: Mehrere Schwachstellen ermöglichen Denial of Service
Ein lokaler Angreifer kann mehrere Schwachstellen in Linux Kernel ausnutzen, um einen Denial of Service Angriff durchzuführen.
Published: 2025-06-17T22:00:00+00:00

References

https://git.kernel.org/stable/c/0a24ea26c3278216642a43291df7976a73a0a7ee

https://git.kernel.org/stable/c/7e83af3dd4a3afca8f83ffde518cafd52f45b830

https://git.kernel.org/stable/c/875b2bf469d094754ac2ba9af91dcd529eb12bf6

https://git.kernel.org/stable/c/87b1a9175f08313f40fcb6d6dc536dbe451090eb

https://git.kernel.org/stable/c/890005a7d98f7452cfe86dcfb2aeeb7df01132ce