Description
In the Linux kernel, the following vulnerability has been resolved:

perf/x86/intel/uncore: Fix die ID init and look up bugs

In snbep_pci2phy_map_init(), in the nr_node_ids > 8 path,
uncore_device_to_die() may return -1 when all CPUs associated
with the UBOX device are offline.

Remove the WARN_ON_ONCE(die_id == -1) check for two reasons:

- The current code breaks out of the loop. This is incorrect because
pci_get_device() does not guarantee iteration in domain or bus order,
so additional UBOX devices may be skipped during the scan.

- Returning -EINVAL is incorrect, since marking offline buses with
die_id == -1 is expected and should not be treated as an error.

Separately, when NUMA is disabled on a NUMA-capable platform,
pcibus_to_node() returns NUMA_NO_NODE, causing uncore_device_to_die()
to return -1 for all PCI devices. As a result,
spr_update_device_location(), used on Intel SPR and EMR, ignores the
corresponding PMON units and does not add them to the RB tree.

Fix this by using uncore_pcibus_to_dieid(), which retrieves topology
from the UBOX GIDNIDMAP register and works regardless of whether NUMA
is enabled in Linux. This requires snbep_pci2phy_map_init() to be
added in spr_uncore_pci_init().

Keep uncore_device_to_die() only for the nr_node_ids > 8 case, where
NUMA is expected to be enabled.
Published: 2026-05-08
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A defect in the Linux kernel’s uncore device initialization caused the die identifier to be incorrectly reported as –1 when all CPUs linked to a UBOX device were offline, or when NUMA was disabled. This bad value broke device‑scanning loops and caused performance monitoring (PMON) units on Intel SPR and EMR platforms to be omitted from the system’s runtime data structures, resulting in incomplete hardware topology and loss of accurate performance data rather than a direct security breach.

Affected Systems

All Linux kernel installations that incorporated the snbep_pci2phy_map_init path prior to the fix are affected. The bug spans all kernel versions hosted under the Linux:Linux CNA that contain the uninitialized die ID logic within the perf/x86/intel/uncore subsystem. Updated kernels that include the referenced commits correct the logic and are not vulnerable.

Risk and Exploitability

The CVSS score of 5.5 indicates moderate severity, and no EPSS probability is available; the vulnerability is not listed in the CISA KEV catalog. Based on the description, the attack vector is most likely local during system boot or when an administrator or privileged process triggers a reseed of the UBOX topology. While it does not provide direct code execution or data exfiltration, the flaw can be exploited to foil performance monitoring and potentially hide hardware issues from system administrators, so the severity is moderate at most, with exploitable conditions limited to environments that rely on full PMON coverage for monitoring or debugging.

Generated by OpenCVE AI on May 9, 2026 at 02:25 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply a Linux kernel update that incorporates the uncore die-ID initialization fix (for example, kernel 6.8.x or the commit series referenced in the advisory).
  • Reboot the system to allow the updated uncore device initialization to execute during boot.
  • Remove any kernel boot parameters that disable ACPI, NUMA, or UBOX topology—such as 'acpi=off', 'noapic', or 'numa=off'—so that the kernel can correctly enumerate uncore devices.

Generated by OpenCVE AI on May 9, 2026 at 02:25 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Sat, 09 May 2026 00:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-253
References
Metrics threat_severity

None

 cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

threat_severity

Low

Fri, 08 May 2026 18:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-398

Fri, 08 May 2026 14:00:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: perf/x86/intel/uncore: Fix die ID init and look up bugs In snbep_pci2phy_map_init(), in the nr_node_ids > 8 path, uncore_device_to_die() may return -1 when all CPUs associated with the UBOX device are offline. Remove the WARN_ON_ONCE(die_id == -1) check for two reasons: - The current code breaks out of the loop. This is incorrect because pci_get_device() does not guarantee iteration in domain or bus order, so additional UBOX devices may be skipped during the scan. - Returning -EINVAL is incorrect, since marking offline buses with die_id == -1 is expected and should not be treated as an error. Separately, when NUMA is disabled on a NUMA-capable platform, pcibus_to_node() returns NUMA_NO_NODE, causing uncore_device_to_die() to return -1 for all PCI devices. As a result, spr_update_device_location(), used on Intel SPR and EMR, ignores the corresponding PMON units and does not add them to the RB tree. Fix this by using uncore_pcibus_to_dieid(), which retrieves topology from the UBOX GIDNIDMAP register and works regardless of whether NUMA is enabled in Linux. This requires snbep_pci2phy_map_init() to be added in spr_uncore_pci_init(). Keep uncore_device_to_die() only for the nr_node_ids > 8 case, where NUMA is expected to be enabled.
Title perf/x86/intel/uncore: Fix die ID init and look up bugs
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-08T13:39:30.537Z

Reserved: 2026-05-01T14:12:56.003Z

Link: CVE-2026-43344

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-05-08T14:16:44.433

Modified: 2026-05-08T14:16:44.433

Link: CVE-2026-43344

cve-icon Redhat

Severity : Low

Publid Date: 2026-05-08T00:00:00Z

Links: CVE-2026-43344 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-05-09T02:30:16Z

Weaknesses