LiveActive security incident?Get immediate response
CVE Record

CVE-2024-46848: perf/x86/intel: Limit the period on Haswell

In the Linux kernel, the following vulnerability has been resolved: perf/x86/intel: Limit the period on Haswell Running the ltp test cve-2015-3290 concurrently reports the following warnings. perfevents: irq loop stuck! WARNING: CPU: 31 PID: 32438 at arch/x86/events/intel/core.c:3174 intel_pmu_handle_irq+0x285/0x370 Call Trace: <NMI> ? __warn+0xa4/0x220 ? intel_pmu_handle_irq+0x285/0x370 ? __report_bug+0x123/0x130 ? intel_pmu_handle_irq+0x285/0x370 ? __report_bug+0x123/0x130 ? intel_pmu_handle_irq+0x285/0x370 ? report_bug+0x3e/0xa0 ? handle_bug+0x3c/0x70 ? exc_invalid_op+0x18/0x50 ? asm_exc_invalid_op+0x1a/0x20 ? irq_work_claim+0x1e/0x40 ? intel_pmu_handle_irq+0x285/0x370 perf_event_nmi_handler+0x3d/0x60 nmi_handle+0x104/0x330 Thanks to Thomas Gleixner's analysis, the issue is caused by the low initial period (1) of the frequency estimation algorithm, which triggers the defects of the HW, specifically erratum HSW11 and HSW143. (For the details, please refer https://lore.kernel.org/lkml/87plq9l5d2.ffs@tglx/) The HSW11 requires a period larger than 100 for the INST_RETIRED.ALL event, but the initial period in the freq mode is 1. The erratum is the same as the BDM11, which has been supported in the kernel. A minimum period of 128 is enforced as well on HSW. HSW143 is regarding that the fixed counter 1 may overcount 32 with the Hyper-Threading is enabled. However, based on the test, the hardware has more issues than it tells. Besides the fixed counter 1, the message 'interrupt took too long' can be observed on any counter which was armed with a period < 32 and two events expired in the same NMI. A minimum period of 32 is enforced for the rest of the events. The recommended workaround code of the HSW143 is not implemented. Because it only addresses the issue for the fixed counter. It brings extra overhead through extra MSR writing. No related overcounting issue has been reported so far.

UnknownCVSS not scoredNot KEV-listedUpdated
Glexia's TakeAutomated analysisunknown

Security readout for executives and security teams

Plain-English summary

This Linux kernel issue affects Intel Haswell performance monitoring. Under certain perf-event timing conditions, hardware errata can trigger stuck interrupt-loop warnings. The public record shows a kernel fix, but no CVSS score, CWE, or confirmed active exploitation.

Executive priority

Treat as a targeted kernel maintenance item, not an emergency based on current evidence. Prioritize patching on Haswell Linux systems, especially shared or performance-monitoring-heavy hosts.

Technical view

The kernel perf/x86/intel code used very small initial periods in frequency mode. On Haswell, this interacts with errata HSW11 and HSW143. The fix enforces minimum PMU event periods: 128 for INST_RETIRED.ALL and 32 for other events.

Likely exposure

Exposure appears limited to Linux systems running affected kernel versions on Intel Haswell-class hardware where perf events or similar PMU activity can be exercised. The provided data does not establish remote exposure.

Exploitation context

KEV is false and the bundle cites no public exploitation. The issue was observed while running an LTP regression test for CVE-2015-3290 concurrently, producing kernel warnings in NMI/perf handling.

Researcher notes

The record ties the defect to Haswell PMU errata and perf frequency estimation periods. The recommended HSW143 workaround was not implemented because it targets only fixed counter 1 and adds MSR overhead.

Mitigation direction

  • Apply vendor kernel updates containing the referenced stable fixes.
  • Prioritize Haswell systems where perf events are enabled or used.
  • Track Debian LTS guidance if running affected Debian kernels.
  • If updates are unavailable, follow vendor guidance for temporary controls.

Validation and detection

  • Inventory Linux kernel versions and Intel Haswell hardware exposure.
  • Check vendor changelogs for CVE-2024-46848 or the referenced stable commits.
  • Review kernel logs for perf-event NMI warnings described in the CVE.
  • Confirm patched kernels enforce Haswell PMU minimum periods.
Prepared
Confidence
medium
Sources
7

Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.

Potential ATT&CK relevance

Conservative CVE-to-ATT&CK context

These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.

ATT&CK lookup starting points

Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.

cve · low confidence lookup

CVE-2024-46848 mapping review

Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.

Open ATT&CK lookup
Vulnerability profileCVE Program record
Severity
Unknown
CVSS
Not scored
Known Exploited
No
Published
Official CVE source material

CNA and ADP enrichment extracted from CVE v5

These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.

0CVSS vectors
3Timeline events
2ADP providers
6Source links

SSVC decision data

CISA-ADPCISA Coordinator
Timestamp
Version
2.0.3
Exploitation: noneAutomatable: noTechnical Impact: partial

Vulnerability timeline

Timeline events are normalized from CVE metadata, CNA source timelines, ADP timelines, and KEV metadata when present.

  1. CVE reservedCVE Program

    The CVE ID was reserved by the assigning CNA.

  2. CVE publishedCVE Program

    The CVE record was published.

  3. CVE updatedCVE Program

    The CVE record metadata indicates this as the latest update time.

ADP provider summaries

CISA-ADPCISA ADP Vulnrichment
other:ssvc
CVECVE Program Container
Affected products

Products and packages named in the record

VendorProductVersion / packageStatus
LinuxLinux3a632cb229bfb18b6d09822cc842451ea46c013e, 3a632cb229bfb18b6d09822cc842451ea46c013e, 3a632cb229bfb18b6d09822cc842451ea46c013e, 3a632cb229bfb18b6d09822cc842451ea46c013eunaffected
LinuxLinux3.11, 0, 6.1.110, 6.6.51, 6.10.10, 6.11affected
Weakness

CWE details

No CWE listed

CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.