{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2024-26902","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2024-02-19T14:20:24.187Z","datePublished":"2024-04-17T10:27:51.042Z","dateUpdated":"2025-05-04T08:59:16.887Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2025-05-04T08:59:16.887Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nperf: RISCV: Fix panic on pmu overflow handler\n\n(1 << idx) of int is not desired when setting bits in unsigned long\noverflowed_ctrs, use BIT() instead. This panic happens when running\n'perf record -e branches' on sophgo sg2042.\n\n[  273.311852] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000098\n[  273.320851] Oops [#1]\n[  273.323179] Modules linked in:\n[  273.326303] CPU: 0 PID: 1475 Comm: perf Not tainted 6.6.0-rc3+ #9\n[  273.332521] Hardware name: Sophgo Mango (DT)\n[  273.336878] epc : riscv_pmu_ctr_get_width_mask+0x8/0x62\n[  273.342291]  ra : pmu_sbi_ovf_handler+0x2e0/0x34e\n[  273.347091] epc : ffffffff80aecd98 ra : ffffffff80aee056 sp : fffffff6e36928b0\n[  273.354454]  gp : ffffffff821f82d0 tp : ffffffd90c353200 t0 : 0000002ade4f9978\n[  273.361815]  t1 : 0000000000504d55 t2 : ffffffff8016cd8c s0 : fffffff6e3692a70\n[  273.369180]  s1 : 0000000000000020 a0 : 0000000000000000 a1 : 00001a8e81800000\n[  273.376540]  a2 : 0000003c00070198 a3 : 0000003c00db75a4 a4 : 0000000000000015\n[  273.383901]  a5 : ffffffd7ff8804b0 a6 : 0000000000000015 a7 : 000000000000002a\n[  273.391327]  s2 : 000000000000ffff s3 : 0000000000000000 s4 : ffffffd7ff8803b0\n[  273.398773]  s5 : 0000000000504d55 s6 : ffffffd905069800 s7 : ffffffff821fe210\n[  273.406139]  s8 : 000000007fffffff s9 : ffffffd7ff8803b0 s10: ffffffd903f29098\n[  273.413660]  s11: 0000000080000000 t3 : 0000000000000003 t4 : ffffffff8017a0ca\n[  273.421022]  t5 : ffffffff8023cfc2 t6 : ffffffd9040780e8\n[  273.426437] status: 0000000200000100 badaddr: 0000000000000098 cause: 000000000000000d\n[  273.434512] [<ffffffff80aecd98>] riscv_pmu_ctr_get_width_mask+0x8/0x62\n[  273.441169] [<ffffffff80076bd8>] handle_percpu_devid_irq+0x98/0x1ee\n[  273.447562] [<ffffffff80071158>] generic_handle_domain_irq+0x28/0x36\n[  273.454151] [<ffffffff8047a99a>] riscv_intc_irq+0x36/0x4e\n[  273.459659] [<ffffffff80c944de>] handle_riscv_irq+0x4a/0x74\n[  273.465442] [<ffffffff80c94c48>] do_irq+0x62/0x92\n[  273.470360] Code: 0420 60a2 6402 5529 0141 8082 0013 0000 0013 0000 (6d5c) b783\n[  273.477921] ---[ end trace 0000000000000000 ]---\n[  273.482630] Kernel panic - not syncing: Fatal exception in interrupt"}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/perf/riscv_pmu_sbi.c"],"versions":[{"version":"4905ec2fb7e6421c14c9fb7276f5aa92f60f2b98","lessThan":"3ede8e94de6b834b48b0643385e66363e7a04be9","status":"affected","versionType":"git"},{"version":"4905ec2fb7e6421c14c9fb7276f5aa92f60f2b98","lessThan":"9f599ba3b9cc4bdb8ec1e3f0feddd41bf9d296d6","status":"affected","versionType":"git"},{"version":"4905ec2fb7e6421c14c9fb7276f5aa92f60f2b98","lessThan":"34b567868777e9fd39ec5333969728a7f0cf179c","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/perf/riscv_pmu_sbi.c"],"versions":[{"version":"5.18","status":"affected"},{"version":"0","lessThan":"5.18","status":"unaffected","versionType":"semver"},{"version":"6.6.23","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.7.11","lessThanOrEqual":"6.7.*","status":"unaffected","versionType":"semver"},{"version":"6.8","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.18","versionEndExcluding":"6.6.23"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.18","versionEndExcluding":"6.7.11"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.18","versionEndExcluding":"6.8"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/3ede8e94de6b834b48b0643385e66363e7a04be9"},{"url":"https://git.kernel.org/stable/c/9f599ba3b9cc4bdb8ec1e3f0feddd41bf9d296d6"},{"url":"https://git.kernel.org/stable/c/34b567868777e9fd39ec5333969728a7f0cf179c"}],"title":"perf: RISCV: Fix panic on pmu overflow handler","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T00:21:05.483Z"},"title":"CVE Program Container","references":[{"url":"https://git.kernel.org/stable/c/3ede8e94de6b834b48b0643385e66363e7a04be9","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/9f599ba3b9cc4bdb8ec1e3f0feddd41bf9d296d6","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/34b567868777e9fd39ec5333969728a7f0cf179c","tags":["x_transferred"]}]},{"metrics":[{"other":{"type":"ssvc","content":{"id":"CVE-2024-26902","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"version":"2.0.3","timestamp":"2024-09-10T15:48:03.217895Z"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-09-11T17:33:22.798Z"}}]}}