CVE-2025-38322
📋 TL;DR
A Linux kernel vulnerability in the perf/x86/intel subsystem causes a hard-lockup crash on Intel RaptorLake E-core CPUs when attempting to update topdown performance monitoring events. This affects systems running vulnerable Linux kernel versions with Intel hybrid CPUs (P-cores and E-cores). The crash occurs when the kernel incorrectly invokes topdown functions on CPUs that don't support the perf metrics feature.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
System hard-lockup crash leading to denial of service, potentially affecting multiple cores and requiring physical reboot.
Likely Case
Kernel panic or system crash when performance monitoring tools access certain CPU counters on affected E-core CPUs.
If Mitigated
No impact if performance monitoring is disabled or if the system doesn't use affected Intel hybrid CPUs.
🎯 Exploit Status
Discovered by perf_fuzzer, not known to be actively exploited. Requires local access and ability to use performance monitoring tools.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Fixed in kernel commits: 702ea6028032d6c1fe96c2d4762a3575e3654819, 79e2dd573116d3338507c311460da9669095c94d, a85cc69acdcb05f8cd226b8ea0778b8e2e887e6f, b0823d5fbacb1c551d793cbfe7af24e0d1fa45ed, e97c45c770f5e56c784a46c2a96ab968d26b97d9
Vendor Advisory: https://git.kernel.org/stable/c/702ea6028032d6c1fe96c2d4762a3575e3654819
Restart Required: Yes
Instructions:
1. Update Linux kernel to version containing fix commits.
2. Check distribution-specific security advisories.
3. Reboot system after kernel update.
🔧 Temporary Workarounds
Disable perf subsystem
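Restrict unprivileged use of the performance monitoring subsystem so local users cannot trigger the vulnerability. Higher values of perf_event_paranoid are more restrictive, and 0 relaxes access rather than disabling it. Level 3, which blocks perf_event_open for unprivileged users, is honored only by kernels that carry the distribution patch for it (such as Debian and Ubuntu); mainline's strictest level is 2. The setting does not limit root or other privileged processes.
echo 3 > /proc/sys/kernel/perf_event_paranoid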
Disable perf in kernel config if compiling custom kernel
Restrict perf access
Limit perf tool access to privileged users only
chmod 750 /usr/bin/perf
setcap cap_sys_admin,cap_sys_ptrace,cap_syslog+ep /usr/bin/perf
🧯 If You Can't Patch
- Restrict local user access to performance monitoring tools and interfaces
- Disable or blacklist perf module if not required for system operation
🔍 How to Verify
Check if Vulnerable:
Check the kernel version and whether the system has Intel hybrid CPUs:
cat /proc/cpuinfo | grep -i 'model name' && uname -r
Check Version:
uname -r
Verify Fix Applied:
Verify kernel version is updated beyond affected range and test perf tools on E-core CPUs
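The model name alone does not show whether E-cores are present, so the following added example (not part of the original advisory) checks for the hybrid `cpu_atom` PMU in sysfs and reports the current `perf_event_paranoid` level next to the kernel release. `SYSFS_ROOT`, `PROC_ROOT` and the function names are hypothetical; the default threshold of 3 assumes a kernel that honors that level, so pass 2 on mainline kernels.

```shell
#!/bin/sh
# Added example: exposure check for the hybrid-CPU perf issue described above.
# SYSFS_ROOT / PROC_ROOT are hypothetical overrides so the check can be
# pointed at a constructed test tree instead of the live system.
SYSFS_ROOT="${SYSFS_ROOT:-/sys}"
PROC_ROOT="${PROC_ROOT:-/proc}"

# Print the CPU list of the E-core PMU (cpu_atom); return 1 if it is absent,
# which means the kernel did not register a hybrid E-core PMU.
ecore_cpus() {
    f="$SYSFS_ROOT/bus/event_source/devices/cpu_atom/cpus"
    [ -r "$f" ] || return 1
    cat "$f"
}

# Print the current perf_event_paranoid level, or "unknown" if unreadable.
paranoid_level() {
    f="$PROC_ROOT/sys/kernel/perf_event_paranoid"
    if [ -r "$f" ]; then cat "$f"; else echo unknown; fi
}

# Classify the host. $1 = paranoid level treated as restrictive (default 3).
#   not-hybrid         no cpu_atom PMU found
#   hybrid-open        E-cores present, paranoid level below the threshold
#   hybrid-restricted  E-cores present, paranoid level at or above it
#   hybrid-unknown     E-cores present, level missing or not an integer
perf_exposure() {
    threshold="${1:-3}"
    cpus=$(ecore_cpus) || { echo "not-hybrid"; return 0; }
    level=$(paranoid_level)
    case "$level" in
        ''|unknown|*[!0-9-]*) echo "hybrid-unknown cpus=$cpus"; return 0 ;;
    esac
    if [ "$level" -ge "$threshold" ]; then
        echo "hybrid-restricted cpus=$cpus paranoid=$level"
    else
        echo "hybrid-open cpus=$cpus paranoid=$level"
    fi
}

# Report for the running system; compare the kernel release against the
# fixed version listed in the distribution's advisory.
echo "kernel=$(uname -r) $(perf_exposure)"
```

A `hybrid-restricted` result only reflects the sysctl; the kernel still needs the fix commits for privileged perf users.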
📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages
- General protection fault errors in dmesg
- Hard-lockup crash reports
Network Indicators:
- None - local vulnerability only
SIEM Query:
source="kernel" AND ("general protection fault" OR "hard-lockup" OR "perf/x86/intel")
🔗 References
- https://git.kernel.org/stable/c/702ea6028032d6c1fe96c2d4762a3575e3654819
- https://git.kernel.org/stable/c/79e2dd573116d3338507c311460da9669095c94d
- https://git.kernel.org/stable/c/a85cc69acdcb05f8cd226b8ea0778b8e2e887e6f
- https://git.kernel.org/stable/c/b0823d5fbacb1c551d793cbfe7af24e0d1fa45ed
- https://git.kernel.org/stable/c/e97c45c770f5e56c784a46c2a96ab968d26b97d9
- https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html