PatchSiren cyber security CVE debrief
CVE-2025-68798 Linux CVE debrief
A general protection fault (GPF) vulnerability was found in the Linux kernel's perf/x86/amd. The issue arises from a race condition that can cause cpuc->events[idx] to become NULL. This can be triggered by an NMI->throttle->x86_pmu_stop() sequence. To address this, a check for a NULL event was added in amd_pmu_enable_all() before enabling the event.
- Vendor
- Linux
- Product
- Unknown
- CVSS
- Unknown
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-01-13
- Original CVE updated
- 2026-07-14
- Advisory published
- 2026-01-13
- Advisory updated
- 2026-07-14
Who should care
System administrators and security teams managing Linux kernel-based systems, especially those using AMD machines, should be aware of this vulnerability. They should verify if their systems are affected and apply the necessary patches to prevent potential GPFs.
Technical summary
The vulnerability exists in the Linux kernel's perf/x86/amd implementation. A race condition can lead to a NULL value in cpuc->events[idx], causing a GPF when attempting to enable an event. The fix involves adding a NULL check in amd_pmu_enable_all() before enabling events. This issue appears to be AMD-specific and was reported via syzkaller. The problem arises from a subtle race condition with NMI->throttle->x86_pmu_stop(), which can cause cpuc->events[idx] to become NULL. To address this, a check for a NULL event was added in amd_pmu_enable_all() before enabling the event. System administrators and security teams should verify if their systems are affected and apply necessary patches.
Defensive priority
Apply patches to address the GPF vulnerability in perf/x86/amd. Verify system configurations and perform inventory checks to identify potentially affected systems.
Recommended defensive actions
- Apply the official patches provided by the Linux kernel maintainers to address the GPF vulnerability in perf/x86/amd.
- Perform inventory checks to identify systems that may be affected by this vulnerability.
- Verify system configurations to ensure they are not exposed to unnecessary risks.
- Monitor system logs for any signs of GPFs related to perf/x86/amd.
- Review compensating controls for exposed systems while remediation is scheduled and verified.
- Check relevant monitoring, detection, and logs for exposed assets that need extra review.
- Track exceptions, retest remediated assets, and close the item only after evidence is documented.
Evidence notes
The CVE record was published on 2026-01-13T16:16:01.770Z and last modified on 2026-07-14T13:18:00.523Z. The NVD entry is currently Deferred. Multiple source references are provided, including kernel.org and Siemens CERT Portal links.
Official resources
-
CVE-2025-68798 CVE record
CVE.org
-
CVE-2025-68798 NVD detail
NVD
-
Source item URL
nvd_modified
-
Source reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67
-
Source reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67
-
Source reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67
-
Source reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67
-
Source reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67
-
Source reference
0b142b55-0307-4c5a-b3c9-f314f3fb7c5e
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-01-13T16:16:01.770Z and has not been modified since then. The NVD entry is currently Deferred.