CVE-2025-68370
Description
In the Linux kernel, the following vulnerability has been resolved:
coresight: tmc: add the handle of the event to the path
The handle is essential for retrieving the AUX_EVENT of each CPU and is required in perf mode. It has been added to the coresight_path so that dependent devices can access it from the path when needed.
The existing bug can be reproduced with:
  perf record -e cs_etm//k -C 0-9 dd if=/dev/zero of=/dev/null
Showing an oops as follows:
  Unable to handle kernel paging request at virtual address 000f6e84934ed19e
  Call trace:
    tmc_etr_get_buffer+0x30/0x80 [coresight_tmc] (P)
    catu_enable_hw+0xbc/0x3d0 [coresight_catu]
    catu_enable+0x70/0xe0 [coresight_catu]
    coresight_enable_path+0xb0/0x258 [coresight]
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
In perf mode, the Linux kernel coresight TMC driver is missing the AUX event handle in the path, which causes an invalid pointer dereference and a kernel crash.
The vulnerability resides in the Linux kernel's coresight tracing subsystem. When operating in perf mode, the TMC (Trace Memory Controller) driver fails to include the AUX event handle in the coresight_path structure. This handle is essential for retrieving per-CPU AUX events [1]. Without it, the driver dereferences an invalid pointer when it attempts to access the handle during buffer retrieval.
The bug can be triggered by running perf record with the cs_etm event on multiple CPUs, as shown in the reproduction command in the description. No special privileges beyond the ability to execute perf are required; local user access is sufficient [1]. The attack surface is limited to systems with coresight hardware and perf enabled.
When triggered, the kernel oopses with an error like "Unable to handle kernel paging request" due to the dereference of an invalid pointer. The call trace points to tmc_etr_get_buffer and catu_enable_hw. This results in a denial of service (system crash) [1].
A fix has been committed to the Linux kernel stable tree. The commit ensures the handle is properly added to the path during enabling. Users should update to a kernel containing this commit or apply the patch. No workaround is documented [1].
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products: 1
Patches: 0
No patches discovered yet.
References: 3
News mentions: 0
No linked articles in our index yet.