Linux Kernel PEBS Record Loss Vulnerability Allowing NULL Pointer Dereference

Vulnerability

A vulnerability in the Linux kernel's performance monitoring unit (PMU) handling can lead to a NULL pointer dereference. This issue occurs when the 'intel_pmu_drain_pebs_icl()' function processes certain performance events. The 'perf_event_overflow()' function, called during this process, can trigger an interrupt throttle that stops all events in the group. This throttling clears the event pointers in the 'cpuc->events[]' array, leading to potential NULL accesses. The vulnerability affects the Linux kernel's stable releases.

Impact

The vulnerability can cause a NULL pointer dereference, leading to a crash or undefined behavior in the kernel.

Reproduction

To reproduce this vulnerability, two PEBS events must be created in a group. When 'intel_pmu_drain_pebs_icl()' is called to process the events, the 'perf_event_overflow()' function will be triggered. This will clear the event pointers for both events in the group, and when the function tries to process the second event, it will encounter a NULL pointer access.
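The sequence described above, as an added C model that is not the kernel's code: the throttle inside the overflow handler clears every slot belonging to the group, so a drain loop that re-reads the per-CPU event table without a NULL check walks into the cleared second slot, while a hardened drain skips slots that were cleared mid-loop. All structure and function names here are simplified stand-ins for the kernel's.

```c
#include <stdbool.h>
#include <stddef.h>

/* Constructed, simplified model of the per-CPU event table and a PEBS
 * record stream. Not the kernel's data structures. */
#define NR_SLOTS 2

struct event  { int group_id; int samples; };
struct cpuc   { struct event *events[NR_SLOTS]; }; /* slot -> event or NULL */
struct record { int slot; };                       /* counter the record belongs to */

/* Stand-in for perf_event_overflow(): after a sample, the interrupt throttle
 * may stop the whole group, which clears every slot the group occupies. */
static void overflow(struct cpuc *c, struct event *ev, bool throttle)
{
    ev->samples++;
    if (!throttle)
        return;
    for (int i = 0; i < NR_SLOTS; i++)
        if (c->events[i] && c->events[i]->group_id == ev->group_id)
            c->events[i] = NULL;
}

/* Vulnerable drain: returns -1 at the point the kernel would dereference NULL. */
static int drain_vulnerable(struct cpuc *c, const struct record *r, int n, bool throttle)
{
    for (int i = 0; i < n; i++) {
        struct event *ev = c->events[r[i].slot];
        if (!ev)
            return -1;                 /* slot cleared by an earlier throttle */
        overflow(c, ev, throttle);
    }
    return 0;
}

/* Hardened drain: skip slots cleared by throttling; returns how many were skipped. */
static int drain_hardened(struct cpuc *c, const struct record *r, int n, bool throttle)
{
    int skipped = 0;
    for (int i = 0; i < n; i++) {
        struct event *ev = c->events[r[i].slot];
        if (!ev) { skipped++; continue; }
        overflow(c, ev, throttle);
    }
    return skipped;
}

/* Scenario from the advisory: two PEBS events in one group, one record each. */
static int run_scenario(bool hardened, bool throttle)
{
    struct event a = { .group_id = 1 }, b = { .group_id = 1 };
    struct cpuc c = { .events = { &a, &b } };
    struct record recs[2] = { { 0 }, { 1 } };
    return hardened ? drain_hardened(&c, recs, 2, throttle)
                    : drain_vulnerable(&c, recs, 2, throttle);
}
```

With throttling off both drains complete; with it on, the first record's overflow clears both slots and the vulnerable drain reaches the cleared second slot.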

Remediation

Users can upgrade to the latest stable version of the Linux kernel, where this vulnerability has been addressed.

Added: Dec 24, 2025, 12:02 PM
Updated: Dec 24, 2025, 12:02 PM

Vulnerability Rating

Custom Algorithm
spread          9.0
impact          2.5
exploitability  5.7
remediation     7.7
relevance       1.6
threat          4.8
urgency         2.9
incentive       1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.