CVE-2025-39821

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The Linux kernel contains a flaw where calling pmu->start()/stop() on perf events in PERF EVENT STATE OFF can lead to undefined behavior. This occurs when event->hw.idx is at -1, and PMU drivers attempt to use this negative index as a shift exponent in bitwise operations, resulting in UBSAN shift-out-of-bounds reports. The issue arises from a logical flaw in how event groups handle throttling when some members are intentionally disabled. The throttling mechanism attempts to start/stop events that are not actively scheduled on the hardware.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.