Linux Kernel CPU Hotplug Handling Vulnerability in s390 CPUMF Sampling

Vulnerability

A vulnerability in the Linux kernel's handling of CPU hotplug events on the s390 architecture can lead to a use-after-free condition. When a CPU is removed, the hotplug handler deallocates all sampling data buffers for that CPU. However, if a performance event is still active on the removed CPU, the kernel attempts to read the samples from these buffers, which have already been freed and may have been reassigned. This can result in accessing invalid data, potentially leading to memory corruption.

Impact

Exploitation of this vulnerability can cause a use-after-free condition, where the kernel accesses freed memory that may have been reallocated, leading to invalid data being processed. This type of memory corruption can often be exploited to execute arbitrary code or cause a denial-of-service condition by crashing the system.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 2.5
exploitability: 5.3
remediation: 0.0
relevance: 0.0
threat: 3.2
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.