Primary

Context

Linux Kernel PowerPC PMU Reference Counting Vulnerability

Vulnerability

A vulnerability in the Linux kernel's PowerPC performance monitoring unit (PMU) handling has been identified. The issue arises from a missing reference count management for the 'vpa_pmu' module, which was introduced to expose latency counters to user space via performance events. As a result, the 'vpa_pmu' module can be unloaded while performance events are still active, leading to a kernel crash. This vulnerability affects several versions of the Linux kernel.

Impact

The vulnerability can cause a kernel crash (panic) due to a null pointer dereference, disrupting system operations and stability.

Remediation

The vulnerability has been addressed by modifying the 'vpa_pmu' module to include proper ownership and reference counting, preventing the module from being unloaded while performance events are active.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.3

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.3

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel PowerPC PMU Reference Counting Vulnerability

Vulnerability

Impact

Remediation

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating