Bug 2420414 (CVE-2025-40327) - CVE-2025-40327 kernel: perf/core: Fix system hang caused by cpu-clock usage
Summary: CVE-2025-40327 kernel: perf/core: Fix system hang caused by cpu-clock usage
Keywords:
Status: NEW
Alias: CVE-2025-40327
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2025-12-09 05:01 UTC by OSIDB Bzimport
Modified: 2025-12-10 00:17 UTC (History)
0 users

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)

Description OSIDB Bzimport 2025-12-09 05:01:48 UTC 
In the Linux kernel, the following vulnerability has been resolved:

perf/core: Fix system hang caused by cpu-clock usage

cpu-clock usage by the async-profiler tool can trigger a system hang,
which got bisected back to the following commit by Octavia Togami:

  18dbcbfabfff ("perf: Fix the POLL_HUP delivery breakage") causes this issue

The root cause of the hang is that cpu-clock is a special type of SW
event which relies on hrtimers. The __perf_event_overflow() callback
is invoked from the hrtimer handler for cpu-clock events, and
__perf_event_overflow() tries to call cpu_clock_event_stop()
to stop the event, which calls htimer_cancel() to cancel the hrtimer.

But that's a recursion into the hrtimer code from a hrtimer handler,
which (unsurprisingly) deadlocks.

To fix this bug, use hrtimer_try_to_cancel() instead, and set
the PERF_HES_STOPPED flag, which causes perf_swevent_hrtimer()
to stop the event once it sees the PERF_HES_STOPPED flag.

[ mingo: Fixed the comments and improved the changelog. ]
Comment 1 Alexander B 2025-12-09 13:57:37 UTC 
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2025120908-CVE-2025-40327-e82c@gregkh/T
Note You need to log in before you can comment on or make changes to this bug.