Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A vulnerability in the Linux kernel's handling of Intel Performance Monitoring Unit (PMU) events can lead to out-of-bounds memory reads. It affects kernel versions that include the problematic PMU event handling, in the 'perf' subsystem for the x86 architecture. The flaw is in the 'intel_pmu_hw_config' function, where a 'container_of' operation could incorrectly process events, particularly when software events are mixed with hardware events. The issue is exacerbated by the fact that the software event PMU is not the 'x86_hybrid_pmu', which could allow improper event handling and memory access.
Exploitation of this vulnerability could result in out-of-bounds memory reads, potentially leading to information disclosure or other memory-related issues.
The vulnerability can be reproduced by configuring the Intel PMU to use auto counter reload, which may introduce a group of events that includes software events. When this mixed event group is processed, the lack of proper checks can cause the 'container_of' operation to read memory outside of the intended bounds, leading to out-of-bounds memory reads.
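The following user-space model is an added example, not kernel code and not the content of the fix commit. It shows why a 'container_of'-style conversion on a software event's PMU points outside the object, and how a type check before the conversion lets a mixed group be walked safely. All type, field and function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* User-space model; every name here is hypothetical, not kernel code. */
enum pmu_kind { PMU_SOFTWARE, PMU_X86_HYBRID };
struct pmu { enum pmu_kind kind; };
struct hybrid_pmu {                 /* stands in for x86_hybrid_pmu */
    uint64_t cntr_mask;             /* data located before the embedded pmu */
    struct pmu pmu;
};
struct event { struct pmu *pmu; };

/* Constructed sample: one hardware PMU, one stand-alone software PMU,
 * and a group that mixes events of both kinds. */
static struct hybrid_pmu core_pmu = { .cntr_mask = 0xff, .pmu = { PMU_X86_HYBRID } };
static struct pmu sw_pmu = { PMU_SOFTWARE };
static struct event mixed_group[] = { { &core_pmu.pmu }, { &sw_pmu }, { &core_pmu.pmu } };

/* Address a container_of() conversion would yield, without dereferencing it. */
static uintptr_t outer_addr(const struct pmu *p)
{
    return (uintptr_t)p - offsetof(struct hybrid_pmu, pmu);
}

/* 1 if the converted object lies fully inside the object that really holds p. */
static int outer_in_bounds(const struct pmu *p, const void *obj, size_t len)
{
    uintptr_t a = outer_addr(p);
    return a >= (uintptr_t)obj &&
           a + sizeof(struct hybrid_pmu) <= (uintptr_t)obj + len;
}

/* Hardened lookup: refuse the conversion unless the event is an x86 event. */
static struct hybrid_pmu *hybrid_of(const struct event *e)
{
    if (e->pmu->kind != PMU_X86_HYBRID)
        return NULL;
    return (struct hybrid_pmu *)outer_addr(e->pmu);
}

/* Walk a group, skipping non-x86 events instead of converting them. */
static uint64_t group_mask(const struct event *grp, size_t n, size_t *skipped)
{
    uint64_t mask = 0;
    *skipped = 0;
    for (size_t i = 0; i < n; i++) {
        struct hybrid_pmu *h = hybrid_of(&grp[i]);
        if (!h) { (*skipped)++; continue; }
        mask |= h->cntr_mask;
    }
    return mask;
}
```
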
Users can upgrade to the latest version of the Linux kernel where this vulnerability has been addressed. The specific commit that resolves this issue is 'bfee04838f636d064bc92075c65c95f739003804', which is available in the Linux kernel stable tree.