Vince Weaver

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A vulnerability in the Linux kernel has been resolved, related to unchecked MSR access error on HSW. The issue occurs when the TSX is disabled on a machine with the LBR format LBR FORMAT EIP FLAGS2, and a TSX quirk is required to access LBR from registers. The `lbr from signext quirk needed()` function is introduced to determine whether the TSX quirk should be applied, but it is invoked before the `intel pmu lbr init()`, which parses the LBR format information. This results in the TSX quirk never being applied. The fix involves moving the `lbr from signext quirk needed()` into the `intel pmu lbr init()`. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions through 5.11.8 **Description** The issue is related to the intel pmu drain pebs nhm function in the Linux kernel, which can cause a system crash due to mishandling of the PEBS status in a PEBS record. This can be exploited by userspace applications, such as perf-fuzzer, on some Haswell CPUs. **Recommendations** For Linux kernel versions through 5.11.8, update to a version newer than 5.11.8 to resolve the issue. At the moment, there is no information about other specific fixes for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 3.12.2 **Description** The issue is related to the perf trace event perm function in the Linux kernel, which does not properly restrict access to the perf subsystem. This allows local users to enable function tracing via a crafted application. **Recommendations** For versions prior to 3.12.2, update to version 3.12.2 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 3.10.8 **Description** The issue allows local users to gain privileges or cause a denial of service, resulting in a system crash due to a NULL pointer dereference. This is achieved by adding a hardware event to an event group led by a software event through the `validate event` function in `arch/arm/kernel/perf event.c` on the ARM platform. **Recommendations** For Linux kernel versions prior to 3.10.8, update to version 3.10.8 or later to resolve the issue. As a temporary workaround, consider restricting access to the `validate event` function in `arch/arm/kernel/perf event.c` to minimize the risk of exploitation. Avoid adding hardware events to event groups led by software events until the issue is resolved.