Fixed
Created: Jul 28, 2025
Updated: Aug 28, 2025
Resolved Date: Aug 28, 2025
Found In Version: 10.22.33.1
Severity: Standard
Applicable for: Wind River Linux LTS 22
Component/s: Kernel
In the Linux kernel, the following vulnerability has been resolved:EOL][EOL]perf: Fix sample vs do_exit()[EOL][EOL]Baisheng Gao reported an ARM64 crash, which Mark decoded as being a[EOL]synchronous external abort -- most likely due to trying to access[EOL]MMIO in bad ways.[EOL][EOL]The crash further shows perf trying to do a user stack sample while in[EOL]exit_mmap()'s tlb_finish_mmu() -- i.e. while tearing down the address[EOL]space it is trying to access.[EOL][EOL]It turns out that we stop perf after we tear down the userspace mm; a[EOL]receipie for disaster, since perf likes to access userspace for[EOL]various reasons.[EOL][EOL]Flip this order by moving up where we stop perf in do_exit().[EOL][EOL]Additionally, harden PERF_SAMPLE_CALLCHAIN and PERF_SAMPLE_STACK_USER[EOL]to abort when the current task does not have an mm (exit_mm() makes[EOL]sure to set current->mm = NULL; before commencing with the actual[EOL]teardown). Such that CPU wide events don't trip on this same problem.
CREATE(Triage):(User=admin) [CVE-2025-38424 (https://nvd.nist.gov/vuln/detail/CVE-2025-38424)
