A use-after-free vulnerability in the Linux Kernel Performance Events system can be exploited to achieve local privilege escalation.
The perf_group_detach function did not check the event's siblings' attach_state before calling add_event_to_groups(), but remove_on_exec made it possible to call list_del_event() on before detaching from their group, making it possible to use a dangling pointer causing a use-after-free vulnerability.
We recommend upgrading past commit fd0815f632c24878e325821943edccc7fde947a2.
References
Configurations
Configuration 1 (hide)
|
History
25 Aug 2023, 15:24
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:linux:linux_kernel:6.3:rc2:*:*:*:*:*:* |
28 Jun 2023, 21:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
09 Jun 2023, 08:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
06 May 2023, 03:05
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:6.3:rc1:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:6.3:rc2:*:*:*:*:*:* |
|
CWE | CWE-416 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.8 |
References | (MISC) https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=fd0815f632c24878e325821943edccc7fde947a2 - Mitigation, Patch | |
References | (MISC) https://kernel.dance/fd0815f632c24878e325821943edccc7fde947a2 - Patch | |
First Time |
Linux linux Kernel
Linux |
01 May 2023, 13:38
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-05-01 13:15
Updated : 2023-12-10 15:01
NVD link : CVE-2023-2235
Mitre link : CVE-2023-2235
CVE.ORG link : CVE-2023-2235
JSON object : View
Products Affected
linux
- linux_kernel
CWE
CWE-416
Use After Free