CVE-2026-53370 – perf/x86/intel: Improve validation and configuration of ACR masks

CVE ID :CVE-2026-53370

Published : July 19, 2026, 9:17 a.m. | 23 minutes ago

Description :In the Linux kernel, the following vulnerability has been resolved:

perf/x86/intel: Improve validation and configuration of ACR masks

Currently there are several issues on the user space ACR mask validation
and configuration.
– The validation for user space ACR mask (attr.config2) is incomplete,
e.g., the ACR mask could include the index which belongs to another
ACR events group, but it’s not validated.
– An early return on an invalid ACR mask caused all subsequent ACR groups
to be skipped.
– The stale hardware ACR mask (hw.config1) is not cleared before setting
new hardware ACR mask.

The following changes address all of the above issues.
– Figure out the event index group of an ACR group. Any bits in the
user-space mask not present in the index group are now dropped.
– Instead of an early return on invalid bits, drop only the invalid
portions and continue iterating through all ACR events to ensure full
configuration.
– Explicitly clear the stale hardware ACR mask for each event prior to
writing the new configuration.

Besides, a non-leader event member of ACR group could be disabled in
theory. This could cause bit-shifting errors in the acr_mask of remaining
group members. But since ACR sampling requires all events to be active,
this should not be a big concern in real use case. Add a “FIXME” comment
to notice this risk.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more… 

آسیب‌پذیری‌های جدید و وصله‌های امنیتی به‌صورت مداوم منتشر می‌شوند و عدم بروزرسانی به‌موقع می‌تواند امنیت سرویس‌های حیاتی را به خطر بیندازد. خدمات مدیریت و پشتیبانی سرور آفاق هاستینگ شامل پایش امنیتی، بروزرسانی نرم‌افزارها، نصب Patchهای امنیتی و سخت‌سازی سرورها است.

خدمات مدیریت و امنیت سرور

نوشته های مشابه