Description
In the Linux kernel, the following vulnerability has been resolved:

perf/x86: Fix potential bad container_of in intel_pmu_hw_config

Auto counter reload may have a group of events with software events
present within it. The software event PMU isn't the x86_hybrid_pmu and
a container_of operation in intel_pmu_set_acr_caused_constr (via the
hybrid helper) could cause out of bound memory reads. Avoid this by
guarding the call to intel_pmu_set_acr_caused_constr with an
is_x86_event check.
Published: 2026-05-01
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A flaw in the Linux kernel’s Intel performance monitoring unit code allows a container_of misuse in the intel_pmu_set_acr_caused_constr helper to read memory beyond the intended bounds. The exploit is limited to systems using the x86 hybrid PMU when a group of events contains software events. The out‑of‑bounds read can expose kernel memory contents and may result in system instability or a crash, affecting confidentiality and availability. The weakness is a buffer‑overread error.

Affected Systems

The vulnerability affects the Linux kernel, as identified by the vendor and product entries "Linux:Linux". No specific kernel version range is listed in the CNA data, so all kernels containing the unpatched code path are potentially exposed.

Risk and Exploitability

The EPSS score is unavailable and the vulnerability is not listed in the CISA KEV catalog. The absence of an exploitable user‑mode entry point limits the attack depth; an attacker would need to compromise kernel execution or combine this flaw with another privileged‑level vulnerability to benefit. The CVSS score is not supplied, but the nature of the bug—out‑of‑bounds memory access in kernel space—implies a potentially high impact if exploited. The likely attack vector is local privilege escalation or a previously‑established kernel exploit. Overall, the risk is moderate to high for affected systems awaiting a patch.

Generated by OpenCVE AI on May 2, 2026 at 07:18 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply a kernel update that incorporates the commit that addresses the container_of issue (identifiable by the Git commit c/bfee0483…); this is the documented fix by the CA.
  • Reboot the system after updating to ensure the new kernel image is fully loaded and old memory references are cleared.
  • If the system does not rely on Intel PMU or hybrid PMU, disable it using the kernel boot parameter ‘intel_pmu=off’ or the appropriate sysfs setting until the patch is applied.

Generated by OpenCVE AI on May 2, 2026 at 07:18 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Sat, 02 May 2026 07:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-119
CWE-125

Fri, 01 May 2026 14:45:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: perf/x86: Fix potential bad container_of in intel_pmu_hw_config Auto counter reload may have a group of events with software events present within it. The software event PMU isn't the x86_hybrid_pmu and a container_of operation in intel_pmu_set_acr_caused_constr (via the hybrid helper) could cause out of bound memory reads. Avoid this by guarding the call to intel_pmu_set_acr_caused_constr with an is_x86_event check.
Title perf/x86: Fix potential bad container_of in intel_pmu_hw_config
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-01T14:15:08.586Z

Reserved: 2026-03-09T15:48:24.141Z

Link: CVE-2026-31782

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-05-01T15:16:41.707

Modified: 2026-05-01T15:24:14.893

Link: CVE-2026-31782

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-02T07:30:36Z

Weaknesses