{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-20T01:21:23.803","vulnerabilities":[{"cve":{"id":"CVE-2025-22094","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2025-04-16T15:16:03.593","lastModified":"2025-10-31T20:53:02.657","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/perf: Fix ref-counting on the PMU 'vpa_pmu'\n\nCommit 176cda0619b6 (\"powerpc/perf: Add perf interface to expose vpa\ncounters\") introduced 'vpa_pmu' to expose Book3s-HV nested APIv2 provided\nL1<->L2 context switch latency counters to L1 user-space via\nperf-events. However the newly introduced PMU named 'vpa_pmu' doesn't\nassign ownership of the PMU to the module 'vpa_pmu'. Consequently the\nmodule 'vpa_pmu' can be unloaded while one of the perf-events are still\nactive, which can lead to kernel oops and panic of the form below on a\nPseries-LPAR:\n\nBUG: Kernel NULL pointer dereference on read at 0x00000058\n<snip>\n NIP [c000000000506cb8] event_sched_out+0x40/0x258\n LR [c00000000050e8a4] __perf_remove_from_context+0x7c/0x2b0\n Call Trace:\n [c00000025fc3fc30] [c00000025f8457a8] 0xc00000025f8457a8 (unreliable)\n [c00000025fc3fc80] [fffffffffffffee0] 0xfffffffffffffee0\n [c00000025fc3fcd0] [c000000000501e70] event_function+0xa8/0x120\n<snip>\n Kernel panic - not syncing: Aiee, killing interrupt handler!\n\nFix this by adding the module ownership to 'vpa_pmu' so that the module\n'vpa_pmu' is ref-counted and prevented from being unloaded when perf-events\nare initialized."},{"lang":"es","value":"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: powerpc/perf: Se corrige el conteo de referencias en la PMU 'vpa_pmu'. El commit 176cda0619b6 (\"powerpc/perf: Añadir interfaz perf para exponer contadores vpa\") introdujo 'vpa_pmu' para exponer los contadores de latencia de cambio de contexto L1&lt;-&gt;L2 proporcionados por la APIv2 anidada de Book3s-HV al espacio de usuario L1 mediante eventos perf. Sin embargo, la nueva PMU, denominada 'vpa_pmu', no asigna la propiedad de la PMU al módulo 'vpa_pmu'. En consecuencia, el módulo 'vpa_pmu' se puede descargar mientras uno de los eventos de rendimiento aún está activo, lo que puede provocar errores y pánico en el kernel del formato siguiente en un Pseries-LPAR: ERROR: Desreferencia de puntero NULL del kernel en lectura en 0x00000058  NIP [c000000000506cb8] event_sched_out+0x40/0x258 LR [c00000000050e8a4] __perf_remove_from_context+0x7c/0x2b0 Rastreo de llamadas: [c00000025fc3fc30] [c00000025f8457a8] 0xc00000025f8457a8 (no confiable) [c00000025fc3fc80] [ffffffffffffffee0] 0xffffffffffffffee0 [c00000025fc3fcd0] [c000000000501e70] event_function+0xa8/0x120  Pánico del kernel: no se sincroniza: ¡Ay, se está eliminando el controlador de interrupciones! Para solucionarlo, agregue la propiedad del módulo a 'vpa_pmu' para que se contabilice y se evite su descarga al inicializar eventos de rendimiento."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.13.11","matchCriteriaId":"E7E864B0-8C00-4679-BA55-659B4C9C3AD3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.14","versionEndExcluding":"6.14.2","matchCriteriaId":"FADAE5D8-4808-442C-B218-77B2CE8780A0"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/6cf045b51e2c5721db7e55305f09ee32741e00f9","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/70ea7c5189197c6f5acdcfd8a2651be2c41e2faa","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/ff99d5b6a246715f2257123cdf6c4a29cb33aa78","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}}]}