[CVE-2015-8963] [Trusty/Vivid] [PATCH 0/1] perf: Fix race in swevent hash
Brad Figg
brad.figg at canonical.com
Fri Jun 9 11:27:36 UTC 2017
CVE-2015-8963
There's a race on CPU unplug where we free the swevent hash array
while it can still have events on. This will result in a
use-after-free which is BAD.
Simply do not free the hash array on unplug. This leaves the thing
around and no use-after-free takes place.
When the last swevent dies, we do a for_each_possible_cpu() iteration
anyway to clean these up, at which time we'll free it, so no leakage
will occur.
Peter Zijlstra (1):
perf: Fix race in swevent hash
kernel/events/core.c | 19 +------------------
1 file changed, 1 insertion(+), 18 deletions(-)
--
2.7.4
More information about the kernel-team
mailing list