[SRU Focal,Jammy,OEM-6.1,Lunar,Mantic 0/3] CVE-2023-6931

Thadeu Lima de Souza Cascardo cascardo at canonical.com
Wed Jan 3 19:04:02 UTC 2024


[Impact]
An out-of-bounds write is possible when using perf events. On systems where
unprivileged users have access to perf (perf_event_paranoid <= 3 on 5.4 and
later), this could allow privilege escalation.

[Backport]
On Jammy and Focal, an extra prerequisite was added, introducing the
ability to read lost samples per event. Though not strictly necessary,
that's how upstream stable did it, so this would make future changes easier.

[Test case]
A reproducer was built and tested. The system no longer crashes after
these changes.

[Potential regression]
perf users may regress or new vulnerabilities might be possible.

Mark Rutland (1):
  perf: Fix perf_event_validate_size() lockdep splat

Peter Zijlstra (1):
  perf: Fix perf_event_validate_size()

 kernel/events/core.c | 69 ++++++++++++++++++++++++++++++--------------
 1 file changed, 47 insertions(+), 22 deletions(-)

-- 
2.34.1



