CVE-2026-43344

Summary

In the Linux kernel, the following vulnerability has been resolved:

perf/x86/intel/uncore: Fix die ID init and look up bugs

In snbep_pci2phy_map_init(), in the nr_node_ids > 8 path, uncore_device_to_die() may return -1 when all CPUs associated with the UBOX device are offline.

Remove the WARN_ON_ONCE(die_id == -1) check for two reasons:

  • The current code breaks out of the loop. This is incorrect because pci_get_device() does not guarantee iteration in domain or bus order, so additional UBOX devices may be skipped during the scan.

  • Returning -EINVAL is incorrect, since marking offline buses with die_id == -1 is expected and should not be treated as an error.

Separately, when NUMA is disabled on a NUMA-capable platform, pcibus_to_node() returns NUMA_NO_NODE, causing uncore_device_to_die() to return -1 for all PCI devices. As a result, spr_update_device_location(), used on Intel SPR and EMR, ignores the corresponding PMON units and does not add them to the RB tree.

Fix this by using uncore_pcibus_to_dieid(), which retrieves topology from the UBOX GIDNIDMAP register and works regardless of whether NUMA is enabled in Linux. This requires snbep_pci2phy_map_init() to be added in spr_uncore_pci_init().

Keep uncore_device_to_die() only for the nr_node_ids > 8 case, where NUMA is expected to be enabled.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux9a7832ce3d920426a36cdd78eda4b3568d4d09e3 < 6a5dc3ee97581da2907fc7acd62853f07184de67affected
LinuxLinux9a7832ce3d920426a36cdd78eda4b3568d4d09e3 < a16d1ec4dd0cdcf689f324adde6067083bce9099affected
LinuxLinux5.12affected
LinuxLinux0 < 5.12unaffected
LinuxLinux6.19.14 <= 6.19.*unaffected
LinuxLinux7.0 <= *unaffected

Weaknesses

References