CVE-2025-40359 in Linux
Summary
by MITRE • 12/16/2025
In the Linux kernel, the following vulnerability has been resolved:
perf/x86/intel: Fix KASAN global-out-of-bounds warning
When running "perf mem record" command on CWF, the below KASAN global-out-of-bounds warning is seen.
==================================================================
BUG: KASAN: global-out-of-bounds in cmt_latency_data+0x176/0x1b0
Read of size 4 at addr ffffffffb721d000 by task dtlb/9850
Call Trace:
kasan_report+0xb8/0xf0
cmt_latency_data+0x176/0x1b0
setup_arch_pebs_sample_data+0xf49/0x2560
intel_pmu_drain_arch_pebs+0x577/0xb00
handle_pmi_common+0x6c4/0xc80
The issue is caused by below code in __grt_latency_data(). The code tries to access x86_hybrid_pmu structure which doesn't exist on non-hybrid platform like CWF.
WARN_ON_ONCE(hybrid_pmu(event->pmu)->pmu_type == hybrid_big)
So add is_hybrid() check before calling this WARN_ON_ONCE to fix the global-out-of-bounds access issue.
Analysis
by VulDB Data Team • 02/21/2026
CVE-2025-40359 is a critical kernel memory access issue in the Linux kernel's performance monitoring subsystem, specifically the x86 Intel performance monitoring unit (PMU) implementation. It manifests as a KASAN (Kernel Address Sanitizer) global-out-of-bounds warning when the perf mem record command is run on certain platforms, particularly those identified as CWF (presumably a specific hardware configuration or model). The flaw stems from improper handling of hybrid versus non-hybrid CPU platform detection in the performance monitoring code paths, which leads to kernel memory being accessed beyond its allocated boundaries.
The technical root cause lies in cmt_latency_data (via __grt_latency_data()) in the perf/x86/intel subsystem, where the code accesses the x86_hybrid_pmu structure without first validating the platform type. This happens in the setup_arch_pebs_sample_data call chain when the WARN_ON_ONCE macro evaluates hybrid_pmu(event->pmu)->pmu_type on a non-hybrid platform, where no x86_hybrid_pmu structure exists. The reported address ffffffffb721d000 is in kernel space, and the code attempts to read a 4-byte value from a location that KASAN has marked as out-of-bounds. This is a classic case of conditional logic that fails to account for different hardware platform configurations, violating the principle of validating the platform before performing platform-specific memory accesses.
The operational impact of this vulnerability extends beyond the out-of-bounds access itself, as it has potential security implications for the kernel's performance monitoring capabilities. When performance analysis tools such as perf mem record are run, attackers could potentially exploit this condition to cause system instability or, through memory corruption, to escalate privileges. The vulnerability specifically affects systems on non-hybrid platforms, where the hybrid_pmu structure is not initialized, which is particularly concerning for systems that rely heavily on performance monitoring for security analysis or operational diagnostics. The flaw reflects a lack of proper platform abstraction in the performance monitoring subsystem: assumptions about hardware capabilities were not validated before memory was accessed.
The fix introduces an is_hybrid() check before the problematic WARN_ON_ONCE macro, so that hybrid-specific code paths execute only on hybrid hardware. This mitigation aligns with the CWE-129 principle of input validation and proper bounds checking and prevents the unauthorized memory access patterns that could lead to system compromise. The solution follows established security practice by validating platform capabilities before attempting hardware-specific operations, consistent with the ATT&CK framework's treatment of privilege escalation through kernel memory corruption. With the check in place, the performance monitoring subsystem handles both hybrid and non-hybrid CPU platforms without memory access violations that malicious actors could exploit. The resolution underlines the importance of comprehensive platform detection and correct conditional execution in kernel space, particularly in performance monitoring and debugging subsystems, where hardware-specific optimizations are common.
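To make the out-of-bounds read concrete, the following user-space model (an added example, not kernel code) reproduces the object layout described in the summary and analysis above: on hybrid parts each core struct pmu is embedded in struct x86_hybrid_pmu, so hybrid_pmu() is a container_of() cast that is valid only when that wrapper exists, while on a non-hybrid part like CWF the pmu is a stand-alone global and the same cast reads past its end. Struct and macro names mirror the kernel's, but the field contents, the x86_pmu_desc stand-in for x86_pmu, and the sample objects are constructed for illustration; hybrid_read_overrun() computes how far the unchecked read overruns, and pmu_is_big_core() shows the guarded form the patch adopts.

```c
/* Added example, not kernel code: user-space model of the object layout behind
 * CVE-2025-40359. Struct names mirror the kernel's; field contents and the two
 * platform descriptors are constructed for illustration. */
#include <stddef.h>

#define PMU_FL_HYBRID 0x1

struct pmu { const char *name; int type; };   /* stand-in for core `struct pmu` */

enum hybrid_pmu_type { hybrid_small = 1, hybrid_big = 2 };

struct x86_hybrid_pmu {          /* stand-in for the x86 hybrid wrapper */
    struct pmu pmu;              /* embedded core pmu; container_of() relies on it */
    const char *name;
    enum hybrid_pmu_type pmu_type;
};

struct x86_pmu_desc { unsigned long flags; };   /* stand-in for `x86_pmu` */

#define container_of(ptr, type, member) \
    ((type *)((char *)(ptr) - offsetof(type, member)))
#define hybrid_pmu(_pmu)  container_of(_pmu, struct x86_hybrid_pmu, pmu)
#define is_hybrid(desc)   (!!((desc)->flags & PMU_FL_HYBRID))

/* Bytes an unchecked `hybrid_pmu(p)->pmu_type` read reaches past a backing
 * object of `backing_size` bytes (0 = in bounds). For a stand-alone `struct pmu`,
 * the non-hybrid case, it is non-zero: the global-out-of-bounds KASAN reported. */
size_t hybrid_read_overrun(size_t backing_size)
{
    size_t end = offsetof(struct x86_hybrid_pmu, pmu_type) + sizeof(enum hybrid_pmu_type);
    return end > backing_size ? end - backing_size : 0;
}

/* Fixed form: dereference the wrapper only on a hybrid platform, mirroring the
 * is_hybrid() guard the patch places in front of the WARN_ON_ONCE. */
int pmu_is_big_core(const struct x86_pmu_desc *desc, struct pmu *p)
{
    if (!is_hybrid(desc))
        return 0;                /* non-hybrid: never touch the wrapper */
    return hybrid_pmu(p)->pmu_type == hybrid_big;
}

/* Constructed sample objects: a CWF-style stand-alone pmu and a hybrid one. */
const struct x86_pmu_desc cwf_desc = { 0 };
const struct x86_pmu_desc hybrid_desc = { PMU_FL_HYBRID };
struct pmu nonhybrid_pmu = { "cpu", 4 };
struct x86_hybrid_pmu big_pmu = { { "cpu_core", 4 }, "cpu_core", hybrid_big };
```

On a non-hybrid descriptor the guarded function returns without ever forming the wrapper pointer, which is exactly what the added is_hybrid() check achieves in the kernel; the overrun computed for a bare struct pmu is the span KASAN flagged as a global-out-of-bounds read.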