[PATCH 0/1] [SRU] [focal/linux-oem-5.6] CVE-2020-14351

Tim Gardner tim.gardner at canonical.com
Thu Mar 11 19:07:33 UTC 2021


[Impact]
A flaw was found in the Linux kernel. A use-after-free memory flaw was found in
the perf subsystem allowing a local attacker with permission to monitor perf
events to corrupt memory and possibly escalate privileges. The highest threat
from this vulnerability is to data confidentiality and integrity as well as
system availability.

From the Ubuntu security team:
It was discovered that a race condition existed in the perf subsystem of the
Linux kernel, leading to a use-after-free vulnerability. An attacker with
access to the perf subsystem could use this to cause a denial of service
(system crash) or possibly execute arbitrary code.

[Test Case]
none

[Potential regression]
Patch released in 
linux-4.14.y
linux-4.19.y
linux-4.4.y
linux-4.9.y
linux-5.4.y
linux-5.8.y
linux-5.9.y



