CVE-2022-49781: 
Linux Kernel vulnerability analysis and mitigation

A race condition vulnerability was identified in the Linux kernel's performance monitoring subsystem (perf) for AMD processors, tracked as CVE-2022-49781. The issue affects the interaction between amdpmuenable_all, perf NMI, and throttling functions. The vulnerability was disclosed and documented in May 2025 (NVD).

The vulnerability occurs in the amdpmuenableall() function where a race condition exists between checking the activemask and enabling events. When a perf NMI of another event occurs between these two steps, it internally disables and enables all events, including the one which nmi-intercepted amdpmuenableall() was in process of enabling. If an unintentionally enabled event has a very low sampling period causing immediate successive NMI and throttling, it results in cpuc->events[idx] and cpuc->activemask being cleared by x86pmustop(). This leads to amdpmuenable_event() being called with event=NULL (NVD, Wiz).

The vulnerability can result in a kernel crash due to NULL pointer dereference, potentially affecting system stability and availability. The crash manifests in the kernel with error messages indicating a supervisor read access failure in kernel mode (Wiz).

The issue has been resolved in the Linux kernel by modifying the handling of BRS (Branch Sampling) enablement. The fix involves disabling BRS at the beginning and enabling it back while returning from NMI. This prevents the race condition by avoiding the enabling of events whose active_masks are set but not yet enabled in the hardware PMU (NVD).