{"id":"CVE-2026-43416","summary":"powerpc, perf: Check that current-\u003emm is alive before getting user callchain","details":"In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc, perf: Check that current-\u003emm is alive before getting user callchain\n\nIt may happen that mm is already released, which leads to kernel panic.\nThis adds the NULL check for current-\u003emm, similarly to\ncommit 20afc60f892d (\"x86, perf: Check that current-\u003emm is alive before getting user callchain\").\n\nI was getting this panic when running a profiling BPF program\n(profile.py from bcc-tools):\n\n    [26215.051935] Kernel attempted to read user page (588) - exploit attempt? (uid: 0)\n    [26215.051950] BUG: Kernel NULL pointer dereference on read at 0x00000588\n    [26215.051952] Faulting instruction address: 0xc00000000020fac0\n    [26215.051957] Oops: Kernel access of bad area, sig: 11 [#1]\n    [...]\n    [26215.052049] Call Trace:\n    [26215.052050] [c000000061da6d30] [c00000000020fc10] perf_callchain_user_64+0x2d0/0x490 (unreliable)\n    [26215.052054] [c000000061da6dc0] [c00000000020f92c] perf_callchain_user+0x1c/0x30\n    [26215.052057] [c000000061da6de0] [c0000000005ab2a0] get_perf_callchain+0x100/0x360\n    [26215.052063] [c000000061da6e70] [c000000000573bc8] bpf_get_stackid+0x88/0xf0\n    [26215.052067] [c000000061da6ea0] [c008000000042258] bpf_prog_16d4ab9ab662f669_do_perf_event+0xf8/0x274\n    [...]\n\nIn addition, move storing the top-level stack entry to generic\nperf_callchain_user to make sure the top-evel entry is always captured,\neven if current-\u003emm is NULL.\n\n[Maddy: fixed message to avoid checkpatch format style error]","modified":"2026-06-18T03:57:37.247404476Z","published":"2026-05-08T14:21:52.954Z","database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/43xxx/CVE-2026-43416.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/7e5f60b8cfc02a2b23a40a5f5fd2fa81d010e737"},{"type":"WEB","url":"https://git.kernel.org/stable/c/98074e16742ae87fb82e234b419783c5ffc9baea"},{"type":"WEB","url":"https://git.kernel.org/stable/c/e9bbfb4bfa86c6b5515b868d6982ac60505d7e39"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/43xxx/CVE-2026-43416.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-43416"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"20002ded4d937ca87aca6253b874920a96a763c4"},{"fixed":"98074e16742ae87fb82e234b419783c5ffc9baea"},{"fixed":"7e5f60b8cfc02a2b23a40a5f5fd2fa81d010e737"},{"fixed":"e9bbfb4bfa86c6b5515b868d6982ac60505d7e39"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-43416.json"}},{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"2.6.32"},{"fixed":"6.18.19"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.19.0"},{"fixed":"6.19.9"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-43416.json"}}],"schema_version":"1.7.5"}