Description
In the Linux kernel, the following vulnerability has been resolved:
tracing: dynevent: Add a missing lockdown check on dynevent
Since dynamic_events interface on tracefs is compatible with
kprobe_events and uprobe_events, it should also check the lockdown
status and reject if it is set.
A missing security check was found in the Linux kernel's tracing subsystem in the dynamic events interface on tracefs. A local user can bypass kernel lockdown restrictions by using the dynamic_events interface to create kprobes or uprobes, since this interface lacks the lockdown validation present in the equivalent kprobe_events and uprobe_events interfaces. This allows unauthorized modification of kernel tracing state on systems where lockdown should prevent such operations.
Report
Kernel lockdown is a security feature that restricts certain operations when the system is in a secured state, such as when Secure Boot is enabled. The kprobe_events and uprobe_events tracefs interfaces properly check lockdown status before allowing probe creation, but the dynamic_events interface provides equivalent functionality without this check. An attacker on a lockdown-enabled system could use dynamic_events to attach probes that would otherwise be blocked, potentially enabling kernel inspection or tampering that lockdown was meant to prevent. Exploitation requires local access to tracefs, which typically requires root or membership in the tracing group.
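A host-triage sketch for the condition described above, added here as an example (it is not vendor or kernel code). It reads the active lockdown mode and checks whether tracefs exposes `dynamic_events`. The paths `/sys/kernel/security/lockdown` and `/sys/kernel/tracing` are assumed to be the usual mount locations, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: triage helper, not vendor code.
# Assumed default locations of securityfs/tracefs; override via environment.
LOCKDOWN_FILE=${LOCKDOWN_FILE:-/sys/kernel/security/lockdown}
TRACEFS_DIR=${TRACEFS_DIR:-/sys/kernel/tracing}

# Print the active lockdown mode. The kernel lists every mode and brackets
# the active one, e.g. "none [integrity] confidentiality".
lockdown_mode() {
    [ -r "$1" ] || { echo unknown; return 0; }
    mode=$(sed -n 's/.*\[\([a-z]*\)\].*/\1/p' "$1" | head -n 1)
    echo "${mode:-unknown}"
}

# Classify a host from its lockdown file ($1) and tracefs directory ($2):
#   not-locked-down  lockdown is "none"; there is no restriction to bypass
#   unknown          lockdown state could not be read
#   no-dynevent      lockdown is set, dynamic_events is not exposed
#   review:<mode>    lockdown is set and dynamic_events is exposed; confirm
#                    the installed kernel package carries the fix
dynevent_triage() {
    mode=$(lockdown_mode "$1")
    case "$mode" in
        none)    echo not-locked-down ;;
        unknown) echo unknown ;;
        *)
            if [ -e "$2/dynamic_events" ]; then
                echo "review:$mode"
            else
                echo no-dynevent
            fi ;;
    esac
}

# Query the live system only when invoked as: sh script.sh run
if [ "${1:-}" = run ]; then
    dynevent_triage "$LOCKDOWN_FILE" "$TRACEFS_DIR"
fi
```

A `review:` result does not mean the kernel is unpatched; it only marks hosts where the package state in the table below matters.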
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 10 | kernel | Fix deferred | | |
| Red Hat Enterprise Linux 6 | kernel | Not affected | | |
| Red Hat Enterprise Linux 7 | kernel | Not affected | | |
| Red Hat Enterprise Linux 7 | kernel-rt | Not affected | | |
| Red Hat Enterprise Linux 8 | kernel | Not affected | | |
| Red Hat Enterprise Linux 8 | kernel-rt | Not affected | | |
| Red Hat Enterprise Linux 9 | kernel | Fix deferred | | |
| Red Hat Enterprise Linux 9 | kernel-rt | Fix deferred | | |
Additional information
Status:
EPSS
4.4 Medium
CVSS3