Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*, +3 more
A race condition in the Linux kernel's handling of AMD performance monitoring events can crash the kernel. The race is between the function 'amd_pmu_enable_all' and the performance NMI (Non-Maskable Interrupt) handler. While 'amd_pmu_enable_all' is enabling performance events, an incoming NMI can interrupt it. The NMI handler disables all events, including the one being enabled, and an event with a low sampling period can trigger further NMIs in immediate succession. This sequence clears the event data, so 'amd_pmu_enable_all' dereferences a null pointer when it resumes. The resulting crash is a kernel null pointer dereference error, which occurs when the kernel tries to access a memory address that is not valid.
Exploitation of this vulnerability causes a kernel crash due to a null pointer dereference, disrupting system operations and potentially leading to a denial of service.
The vulnerability can be reproduced by enabling performance monitoring events on an AMD processor while the NMI handler is active. This can be done by triggering an NMI that interrupts the process of enabling another event, particularly one with a low sampling period that causes rapid successive NMIs. The race condition created by this interruption disables the event while it is still being enabled, so the 'amd_pmu_enable_event' function is called with a null event, which results in a kernel crash.
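A triage check for the crash described above, added here as an example and not taken from the kernel or from this advisory's source: it scans kernel log text for NULL pointer dereference reports whose instruction pointer or call trace names 'amd_pmu_enable_all' or 'amd_pmu_enable_event'. The sample log, its addresses and offsets, and the names 'example_caller' and 'example_driver_read' are constructed for illustration.

```python
import re

# Function names come from the advisory text; everything in SAMPLE_LOG is constructed.
PMU_FRAMES = {"amd_pmu_enable_all", "amd_pmu_enable_event"}
OOPS_START = re.compile(r"BUG: kernel NULL pointer dereference")
OOPS_END = re.compile(r"---\[ end trace")
FRAME = re.compile(r"\b([A-Za-z_][\w.]*)\+0x[0-9a-f]+/0x[0-9a-f]+")
TIMESTAMP = re.compile(r"^\[\s*\d+\.\d+\]\s*")

SAMPLE_LOG = """\
[  101.000001] BUG: kernel NULL pointer dereference, address: 0000000000000198
[  101.000002] RIP: 0010:amd_pmu_enable_event+0x10/0x40
[  101.000003] Call Trace:
[  101.000004]  amd_pmu_enable_all+0x68/0xb0
[  101.000005]  example_caller+0xd9/0x150
[  101.000006] ---[ end trace 0000000000000000 ]---
[  250.000001] BUG: kernel NULL pointer dereference, address: 0000000000000010
[  250.000002] RIP: 0010:example_driver_read+0x20/0x80
[  250.000003] ---[ end trace 0000000000000000 ]---
"""


def find_pmu_oopses(log_text):
    """Return one dict per NULL-deref oops that names an AMD PMU enable function."""
    hits, current = [], None

    def flush():
        # Keep the oops only if its RIP or call trace names a PMU enable function.
        if current and PMU_FRAMES.intersection(current["frames"]):
            hits.append(current)

    for raw in log_text.splitlines():
        line = TIMESTAMP.sub("", raw)
        if OOPS_START.search(line):
            flush()  # the previous oops never reached its end marker
            current = {"header": line.strip(), "frames": []}
        elif current is not None:
            current["frames"].extend(FRAME.findall(line))
            if OOPS_END.search(line):
                flush()
                current = None
    flush()  # log truncated mid-oops, e.g. the machine rebooted
    return hits


if __name__ == "__main__":
    for oops in find_pmu_oopses(SAMPLE_LOG):
        print(oops["header"], "->", ", ".join(oops["frames"]))
```

A match means the crash signature names the functions in this description; it does not by itself confirm that this race was the cause.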