Description
In the Linux kernel, the following vulnerability has been resolved:

perf/x86/intel/uncore: Fix die ID init and look up bugs

In snbep_pci2phy_map_init(), in the nr_node_ids > 8 path,
uncore_device_to_die() may return -1 when all CPUs associated
with the UBOX device are offline.

Remove the WARN_ON_ONCE(die_id == -1) check for two reasons:

- The current code breaks out of the loop. This is incorrect because
pci_get_device() does not guarantee iteration in domain or bus order,
so additional UBOX devices may be skipped during the scan.

- Returning -EINVAL is incorrect, since marking offline buses with
die_id == -1 is expected and should not be treated as an error.

Separately, when NUMA is disabled on a NUMA-capable platform,
pcibus_to_node() returns NUMA_NO_NODE, causing uncore_device_to_die()
to return -1 for all PCI devices. As a result,
spr_update_device_location(), used on Intel SPR and EMR, ignores the
corresponding PMON units and does not add them to the RB tree.

Fix this by using uncore_pcibus_to_dieid(), which retrieves topology
from the UBOX GIDNIDMAP register and works regardless of whether NUMA
is enabled in Linux. This requires snbep_pci2phy_map_init() to be
added in spr_uncore_pci_init().

Keep uncore_device_to_die() only for the nr_node_ids > 8 case, where
NUMA is expected to be enabled.
Published: 2026-05-08
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The Linux kernel contains a logic flaw in the uncore device initialization routine, where the function uncore_device_to_die() returns -1 when all CPUs linked to a UBOX device are offline or when NUMA is disabled. This incorrect return value leads to the scanner breaking out of its loop and consequently skipping other UBOX devices. Additionally, the condition was incorrectly treated as an error, causing PMON units on Intel SPR and EMR platforms to be omitted from the runtime data structures. The consequence is that performance monitoring data is incomplete or misleading, but the flaw does not allow code execution, confidentiality compromise, or direct availability impact.
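The loop-control defect described above, modelled in userspace C as an added example (not the kernel's code and not part of the original record). `struct ubox_dev`, the two scan functions and the sample device list are hypothetical and constructed; only the "break and return -EINVAL" versus "record -1 and keep scanning" behaviour comes from the description.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

#define MAX_BUS 256

/* Constructed sample: UBOX devices in the order an enumerator happens to
 * return them (not bus order). die_id == -1 models "all CPUs offline". */
struct ubox_dev { int bus; int die_id; };
static const struct ubox_dev sample[] = {
    { 0x7f, 1 }, { 0x3f, -1 }, { 0xff, 3 }, { 0xbf, 2 },
};
#define NSAMPLE (sizeof(sample) / sizeof(sample[0]))

/* Pre-fix shape: die_id == -1 is treated as an error and ends the scan,
 * so every device enumerated after it is never mapped. */
static int scan_before_fix(const struct ubox_dev *d, size_t n, int *map)
{
    for (size_t i = 0; i < n; i++) {
        if (d[i].die_id == -1)
            return -EINVAL;          /* models the check plus the break */
        map[d[i].bus] = d[i].die_id;
    }
    return 0;
}

/* Post-fix shape: -1 is stored as the expected "offline" marker and the
 * scan continues over the remaining devices. */
static int scan_after_fix(const struct ubox_dev *d, size_t n, int *map)
{
    for (size_t i = 0; i < n; i++)
        map[d[i].bus] = d[i].die_id;
    return 0;
}

/* Run one scan over the sample and return how many buses got a real die ID. */
int run_scan(int fixed, int *err_out)
{
    int map[MAX_BUS], mapped = 0;
    for (int b = 0; b < MAX_BUS; b++)
        map[b] = -1;                 /* -1 = no die ID known for this bus */
    *err_out = fixed ? scan_after_fix(sample, NSAMPLE, map)
                     : scan_before_fix(sample, NSAMPLE, map);
    for (int b = 0; b < MAX_BUS; b++)
        mapped += (map[b] >= 0);
    return mapped;
}

int main(void)
{
    int err, n = run_scan(0, &err);
    printf("before fix: %d buses mapped, err=%d\n", n, err);
    n = run_scan(1, &err);
    printf("after fix:  %d buses mapped, err=%d\n", n, err);
    return 0;
}
```

Because the offline device is second in the constructed enumeration order, the pre-fix scan maps one bus and fails, while the post-fix scan maps all three online buses.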

Affected Systems

Any Linux kernel containing the perf/x86/intel/uncore submodule before the fix is affected. The CPE list shows that the vulnerability exists in the 7.0 release candidates (rc1 through rc7) and in the generic linux_kernel CPE, implying that earlier stable releases that include the same code are also affected. Kernel releases that incorporate the referenced commit series resolve the issue and are not impacted.

Risk and Exploitability

The CVSS score of 5.5 indicates moderate severity, while the EPSS score of <1% reflects a very low likelihood of exploitation. The vulnerability is not listed in CISA’s KEV catalog, and the attack vector is local, requiring privileged kernel access during boot or when a privileged process re‑initializes uncore topology. Because the flaw only affects performance monitoring logic and not core system functionality, the overall security risk is limited but can result in inaccurate monitoring data for administrators.

Generated by OpenCVE AI on May 18, 2026 at 15:54 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply a Linux kernel update that includes the commit series fixing the die‑ID initialization bug – the patch is present in kernel branches that include the newer commits for the 7.0 release line.
  • Reboot the system with the updated kernel so that the corrected topology initialization runs at startup.
  • If an immediate kernel update is not possible, disable uncore performance monitoring on affected Intel platforms or configure NUMA to be enabled until the patch can be applied.

Advisories

No advisories yet.

History

Mon, 18 May 2026 14:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-398

Mon, 18 May 2026 12:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-617
CPEs cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc7:*:*:*:*:*:*

Sat, 09 May 2026 00:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-253
References
Metrics threat_severity

None

cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

threat_severity

Low


Fri, 08 May 2026 18:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-398

Fri, 08 May 2026 14:00:00 +0000

Type Values Removed Values Added
Title perf/x86/intel/uncore: Fix die ID init and look up bugs
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-11T22:22:45.303Z

Reserved: 2026-05-01T14:12:56.003Z

Link: CVE-2026-43344

Vulnrichment

No data.

NVD

Status: Analyzed

Published: 2026-05-08T14:16:44.433

Modified: 2026-05-18T12:30:51.687

Link: CVE-2026-43344

Redhat

Severity: Low

Public Date: 2026-05-08T00:00:00Z

Links: CVE-2026-43344 - Bugzilla

OpenCVE Enrichment

Updated: 2026-05-18T16:00:15Z
