CVE-2026-53370 – perf/x86/intel: Improve validation and configuration of ACR masks
CVE ID :CVE-2026-53370
Published : July 19, 2026, 9:17 a.m. | 23 minutes ago
Description :In the Linux kernel, the following vulnerability has been resolved:
perf/x86/intel: Improve validation and configuration of ACR masks
Currently there are several issues on the user space ACR mask validation
and configuration.
– The validation for user space ACR mask (attr.config2) is incomplete,
e.g., the ACR mask could include the index which belongs to another
ACR events group, but it’s not validated.
– An early return on an invalid ACR mask caused all subsequent ACR groups
to be skipped.
– The stale hardware ACR mask (hw.config1) is not cleared before setting
new hardware ACR mask.
The following changes address all of the above issues.
– Figure out the event index group of an ACR group. Any bits in the
user-space mask not present in the index group are now dropped.
– Instead of an early return on invalid bits, drop only the invalid
portions and continue iterating through all ACR events to ensure full
configuration.
– Explicitly clear the stale hardware ACR mask for each event prior to
writing the new configuration.
Besides, a non-leader event member of ACR group could be disabled in
theory. This could cause bit-shifting errors in the acr_mask of remaining
group members. But since ACR sampling requires all events to be active,
this should not be a big concern in real use case. Add a “FIXME” comment
to notice this risk.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
آسیبپذیریهای جدید و وصلههای امنیتی بهصورت مداوم منتشر میشوند و عدم بروزرسانی بهموقع میتواند امنیت سرویسهای حیاتی را به خطر بیندازد. خدمات مدیریت و پشتیبانی سرور آفاق هاستینگ شامل پایش امنیتی، بروزرسانی نرمافزارها، نصب Patchهای امنیتی و سختسازی سرورها است.
خدمات مدیریت و امنیت سرور