Linux Kernel ARM SPE Performance Monitoring Unit Buffer Overflow Vulnerability

Vulnerability

A vulnerability in the Linux kernel's handling of the ARMv8.2 Statistical Profiling Extension has been addressed. The issue involved a buffer overflow in the Performance Index to Offset macro, which could occur when processing large AUX buffer sizes of 2 GiB or more. This vulnerability was present in the stable branch of the Linux kernel.

Impact

The vulnerability could lead to a buffer overflow, which may be exploited to cause undefined behavior in the kernel, such as memory corruption or arbitrary code execution.

Reproduction

The vulnerability can be reproduced by using the ARMv8.2 Statistical Profiling Extension with AUX buffer sizes of 2 GiB or larger. The buffer overflow occurs in the Performance Index to Offset macro, which improperly calculates offsets based on the number of pages in the AUX buffer.
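The arithmetic behind the miscalculation described above, as an added user-space example (not kernel code and not taken from the fix). It assumes 4 KiB pages, a page count held in a 32-bit signed integer that is shifted before being widened, and a 64-bit buffer index; all function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

#define PAGE_SHIFT 12 /* assumption: 4 KiB pages */

/* Buffer size in bytes as 32-bit arithmetic yields it. The shift is done in
 * uint32_t so the wrap is well defined in this demo, then viewed as signed. */
static int32_t size_narrow(int32_t nr_pages)
{
    return (int32_t)((uint32_t)nr_pages << PAGE_SHIFT);
}

/* Buffer size with the page count widened before the shift. */
static uint64_t size_wide(int32_t nr_pages)
{
    return (uint64_t)nr_pages << PAGE_SHIFT;
}

/* Index-to-offset using the narrow size. Returns -1 when the size wrapped to
 * zero (modulo by zero), otherwise 0 with the offset stored in *off. */
static int idx2off_narrow(uint64_t idx, int32_t nr_pages, uint64_t *off)
{
    /* int -> 64-bit unsigned conversion sign-extends a negative size */
    uint64_t size = (uint64_t)(int64_t)size_narrow(nr_pages);
    if (size == 0)
        return -1;
    *off = idx % size;
    return 0;
}

static uint64_t idx2off_wide(uint64_t idx, int32_t nr_pages)
{
    return idx % size_wide(nr_pages);
}

int main(void)
{
    const int32_t pages[] = { 1 << 18, 1 << 19, 1 << 20 }; /* 1, 2, 4 GiB */
    const uint64_t idx = 0xC0000000ULL; /* constructed index at 3 GiB */
    for (int i = 0; i < 3; i++) {
        uint64_t off = 0;
        int rc = idx2off_narrow(idx, pages[i], &off);
        printf("nr_pages=%d narrow rc=%d off=%#llx wide off=%#llx size=%#llx\n",
               pages[i], rc, (unsigned long long)off,
               (unsigned long long)idx2off_wide(idx, pages[i]),
               (unsigned long long)size_wide(pages[i]));
    }
    return 0;
}
```

At 1 GiB both calculations agree. At 2 GiB the narrow size turns negative and the resulting offset is no longer reduced into the buffer, and at 4 GiB the narrow size wraps to zero.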

Remediation

Users can upgrade to the latest version of the Linux kernel stable branch, where this vulnerability has been fixed.

Added: Oct 28, 2025, 12:20 PM
Updated: Oct 28, 2025, 12:20 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 0.6
exploitability: 4.3
remediation: 7.7
relevance: 0.9
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.