PT-2024-21571 · Linux+3 · Linux Kernel+3

Published 2024-02-28 · Updated 2026-03-13 · CVE-2024-26902

CVSS v2.0 · 7.5 High · Vector AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to 6.6.0-rc3+

Description

The Linux kernel has a vulnerability that can cause a kernel panic when running the command 'perf record -e branches' on certain hardware, such as the Sophgo sg2042. The panic is a NULL pointer dereference in the PMU overflow handler. It arises because bits in the unsigned long overflowed_ctrs are set using the expression (1 << idx), which has type int and is not what is wanted there. The BIT() macro should be used instead.

Recommendations

To resolve this issue, update the Linux kernel to a version that includes the fix for this vulnerability. Specifically, versions prior to 6.6.0-rc3+ are affected, so updating to 6.6.0-rc3+ or later will resolve the issue.

Note: The provided information does not specify the exact fixed version, but it implies that versions prior to 6.6.0-rc3+ are vulnerable. Therefore, updating to the latest available version of the Linux kernel is recommended to ensure the fix is included.
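The difference between an int-typed shift and BIT() in a 64-bit overflow mask, as an added example (not kernel code and not taken from the fix). The names `int_shift_mask`, `flagged_without_event` and `scenario` and the 64-entry table are hypothetical, and the int shift is emulated under the assumption of a 5-bit masked 32-bit shift followed by sign extension, because the real expression is undefined in ISO C for idx >= 31.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define MAX_COUNTERS 64                 /* assumed size of the counter table */
#define BIT64(n) (UINT64_C(1) << (n))   /* stand-in for the kernel's BIT(): 1UL << n */

/* Models what (1 << idx) typically yields on a 64-bit CPU once it is widened
 * to unsigned long: a 32-bit shift with the count masked to 5 bits, then sign
 * extension. The shift is emulated here instead of executed. */
static uint64_t int_shift_mask(unsigned idx)
{
    uint32_t low = UINT32_C(1) << (idx & 31);
    return (low & 0x80000000u) ? (UINT64_C(0xFFFFFFFF00000000) | low) : low;
}

/* Walk the overflow mask the way a handler would and count the counters that
 * are flagged but have no event attached. A handler that dereferences
 * events[i] without a check would fault on each of them. */
static int flagged_without_event(uint64_t overflowed, void *const events[])
{
    int n = 0;
    for (unsigned i = 0; i < MAX_COUNTERS; i++)
        if ((overflowed & BIT64(i)) && events[i] == NULL)
            n++;
    return n;
}

/* Constructed scenario: exactly one counter, idx, has an event and overflows. */
static int scenario(unsigned idx, int use_bit_macro)
{
    static int dummy_event;
    void *events[MAX_COUNTERS] = { NULL };
    events[idx] = &dummy_event;
    uint64_t overflowed = use_bit_macro ? BIT64(idx) : int_shift_mask(idx);
    return flagged_without_event(overflowed, events);
}

int main(void)
{
    const unsigned idxs[] = { 3, 31, 35 };
    for (size_t k = 0; k < sizeof idxs / sizeof idxs[0]; k++)
        printf("idx=%2u  int shift: %2d stray  BIT(): %d stray\n", idxs[k],
               scenario(idxs[k], 0), scenario(idxs[k], 1));
    return 0;
}
```

Low counter indices behave identically in both forms, which is why the defect only shows up on hardware that uses counter indices of 31 and above.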

Exploit

Fix

NULL Pointer Dereference

Stack Overflow

Weakness Enumeration

Related Identifiers

ALSA-2025_16880
ALT-PU-2024-14046
AZL-40076
AZL-40164
BDU:2025-02911
CVE-2024-26902
ECHO-B7A4-7F83-51E2

Affected Products

Alt Linux
Astra Linux
Debian
Linux Kernel