APPLIED[M,L,J,F]: [SRU Focal,Jammy,OEM-6.1,Lunar,Mantic 0/3] CVE-2023-6931
Roxana Nicolescu
roxana.nicolescu at canonical.com
Thu Jan 4 16:32:10 UTC 2024
On 03/01/2024 20:04, Thadeu Lima de Souza Cascardo wrote:
> [Impact]
> An out-of-bounds write is possible when using perf events. On systems where
> unprivileged users have access to perf (perf_event_paranoid <= 3 on 5.4 and
> later), this could allow privilege escalation.
>
> [Backport]
> On Jammy and Focal, an extra pre-requisite was added, introducing the
> ability to read lost samples per event. Though not strictly necessary,
> that's how upstream stable did it, so this would make future changes easier.
>
> [Test case]
> A reproducer was built and tested. The system no longer crashes after
> these changes.
>
> [Potential regression]
> perf users may regress or new vulnerabilities might be possible.
>
> Mark Rutland (1):
> perf: Fix perf_event_validate_size() lockdep splat
>
> Peter Zijlstra (1):
> perf: Fix perf_event_validate_size()
>
> kernel/events/core.c | 69 ++++++++++++++++++++++++++++++--------------
> 1 file changed, 47 insertions(+), 22 deletions(-)
>
Applied to mantic, lunar, jammy, focal master-next branches. Thanks!
More information about the kernel-team
mailing list