Описание
A use-after-free vulnerability in the Linux Kernel Performance Events system can be exploited to achieve local privilege escalation.
The perf_group_detach function did not check the event's siblings' attach_state before calling add_event_to_groups(), but remove_on_exec made it possible to call list_del_event() on before detaching from their group, making it possible to use a dangling pointer causing a use-after-free vulnerability.
We recommend upgrading past commit fd0815f632c24878e325821943edccc7fde947a2.
The Linux kernel's Performance Events subsystem has a use-after-free flaw that occurs when a user triggers the perf_group_detach and remove_on_exec functions simultaneously. This flaw allows a local user to crash or potentially escalate their privileges on the system.
Отчет
The Red Hat Enterprise Linux 8.4 version is not affected by this flaw, as the vulnerable code was introduced in later versions of the Linux Kernel and was not backported to older releases.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | kernel | Not affected | ||
| Red Hat Enterprise Linux 7 | kernel | Not affected | ||
| Red Hat Enterprise Linux 7 | kernel-rt | Not affected | ||
| Red Hat Enterprise Linux 8 | kernel-rt | Fixed | RHSA-2023:4541 | 08.08.2023 |
| Red Hat Enterprise Linux 8 | kernel | Fixed | RHSA-2023:4517 | 08.08.2023 |
| Red Hat Enterprise Linux 8.6 Extended Update Support | kernel | Fixed | RHSA-2023:5627 | 10.10.2023 |
| Red Hat Enterprise Linux 9 | kernel | Fixed | RHSA-2023:3723 | 21.06.2023 |
| Red Hat Enterprise Linux 9 | kernel-rt | Fixed | RHSA-2023:3708 | 21.06.2023 |
| Red Hat Enterprise Linux 9 | kpatch-patch | Fixed | RHSA-2023:3705 | 21.06.2023 |
| Red Hat Enterprise Linux 9 | kernel | Fixed | RHSA-2023:3723 | 21.06.2023 |
Показывать по
Дополнительная информация
Статус:
EPSS
7.8 High
CVSS3
Связанные уязвимости
A use-after-free vulnerability in the Linux Kernel Performance Events system can be exploited to achieve local privilege escalation. The perf_group_detach function did not check the event's siblings' attach_state before calling add_event_to_groups(), but remove_on_exec made it possible to call list_del_event() on before detaching from their group, making it possible to use a dangling pointer causing a use-after-free vulnerability. We recommend upgrading past commit fd0815f632c24878e325821943edccc7fde947a2.
A use-after-free vulnerability in the Linux Kernel Performance Events system can be exploited to achieve local privilege escalation. The perf_group_detach function did not check the event's siblings' attach_state before calling add_event_to_groups(), but remove_on_exec made it possible to call list_del_event() on before detaching from their group, making it possible to use a dangling pointer causing a use-after-free vulnerability. We recommend upgrading past commit fd0815f632c24878e325821943edccc7fde947a2.
A use-after-free vulnerability in the Linux Kernel Performance Events ...
A use-after-free vulnerability in the Linux Kernel Performance Events system can be exploited to achieve local privilege escalation. The perf_group_detach function did not check the event's siblings' attach_state before calling add_event_to_groups(), but remove_on_exec made it possible to call list_del_event() on before detaching from their group, making it possible to use a dangling pointer causing a use-after-free vulnerability. We recommend upgrading past commit fd0815f632c24878e325821943edccc7fde947a2.
EPSS
7.8 High
CVSS3