Linux Kernel IA32_PMC_x_CFG_B MSRs Access Error Vulnerability

Vulnerability

A vulnerability in the Linux kernel's handling of IA32_PMC_x_CFG_B Model-Specific Registers (MSRs) has been identified. This issue arises when the 'perf_fuzzer' tool is run on a system with Performance Monitoring Technology (PTL) enabled. The problem manifests as an 'unchecked MSR access error' when attempting to write to certain IA32_PMC_CFG_B MSRs. The root cause of this vulnerability is an incorrect validation of the auto counter reload (ACR) counter mask from user space, which can lead to invalid data being written into the CFG_B MSRs, triggering access warnings. This vulnerability primarily affects Intel processors running Linux kernels that include the flawed MSR handling logic.

Impact

Exploitation of this vulnerability can lead to unchecked access errors when writing to IA32_PMC_x_CFG_B MSRs, potentially causing disruptions in performance monitoring operations.

Reproduction

To reproduce this vulnerability, run the 'perf_fuzzer' tool on a Linux system with PTL enabled. Monitor for 'unchecked MSR access error' messages, which indicate that the vulnerability has been triggered. The error occurs when the performance monitoring unit (PMU) attempts to write to CFG_B MSRs without proper validation, particularly on GP counters that do not support automatic reload.
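A defender can watch for the same symptom in collected kernel logs. The following is an added example, not code from this page or from the kernel project: it scans log lines for 'unchecked MSR access error' messages and groups the values the kernel tried to write, per MSR. The message layout in the regular expression is an assumption to check against your kernel's output, and the sample log, MSR addresses, values and function names are constructed for illustration.

```python
import re

# Assumed layout of the x86 kernel warning (check it against your kernel's output).
MSR_ERR = re.compile(
    r"unchecked MSR access error: (?P<op>WRMSR to|RDMSR from) (?P<msr>0x[0-9a-fA-F]+)"
    r"(?: \(tried to write (?P<value>0x[0-9a-fA-F]+)\))?"
    r"(?: at rIP: (?P<rip>0x[0-9a-fA-F]+)(?: \((?P<symbol>[^)]+)\))?)?"
)

# Constructed sample log: MSR addresses, values and rIPs are placeholders, not real ones.
SAMPLE_LOG = """\
[  101.000001] perf: interrupt took too long (2510 > 2500), lowering kernel.perf_event_max_sample_rate to 79000
[  102.345678] unchecked MSR access error: WRMSR to 0xabc1 (tried to write 0x0000000000000005) at rIP: 0xffffffff81000010 (native_write_msr+0x4/0x20)
[  102.345900] Call Trace:
[  140.000100] unchecked MSR access error: WRMSR to 0xabc2 (tried to write 0x0000000000000003) at rIP: 0xffffffff81000010 (native_write_msr+0x4/0x20)
[  150.000200] unchecked MSR access error: RDMSR from 0xabc9 at rIP: 0xffffffff81000020 (native_read_msr+0x4/0x20)
"""

def find_msr_access_errors(lines, msrs_of_interest=None):
    """Parse kernel log lines; optionally keep only the MSR addresses given (set of ints)."""
    findings = []
    for lineno, line in enumerate(lines, 1):
        m = MSR_ERR.search(line)
        if m is None:
            continue
        msr = int(m["msr"], 16)
        if msrs_of_interest is not None and msr not in msrs_of_interest:
            continue
        findings.append({
            "line": lineno,
            "op": "write" if m["op"].startswith("WRMSR") else "read",
            "msr": msr,
            "value": int(m["value"], 16) if m["value"] else None,
            "symbol": m["symbol"],
        })
    return findings

def rejected_writes_by_msr(findings):
    """Group the values the kernel tried to write, per MSR, for triage."""
    grouped = {}
    for f in findings:
        if f["op"] == "write" and f["value"] is not None:
            grouped.setdefault(f["msr"], set()).add(f["value"])
    return {msr: sorted(vals) for msr, vals in grouped.items()}

if __name__ == "__main__":
    hits = find_msr_access_errors(SAMPLE_LOG.splitlines())
    for msr, values in rejected_writes_by_msr(hits).items():
        print(f"MSR {msr:#x}: rejected write values {[hex(v) for v in values]}")
```

Pass the IA32_PMC_x_CFG_B addresses for your processor as msrs_of_interest to narrow the findings to this issue; they are not listed on this page.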

Remediation

Users can update to the latest version of the Linux kernel, where this vulnerability has been addressed, to mitigate this issue.

Added: Nov 12, 2025, 12:10 PM
Updated: Nov 12, 2025, 5:49 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 4.3
remediation: 7.7
relevance: 0.9
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.