CVE-2023-2235

CVE-2023-2235

A use-after-free vulnerability in the Linux Kernel Performance Events system can be exploited to achieve local privilege escalation.

The perf_group_detach function did not check the event’s siblings’ attach_state before calling add_event_to_groups(), but remove_on_exec made it possible to call list_del_event() on before detaching from their group, making it possible to use a dangling pointer causing a use-after-free vulnerability.

We recommend upgrading past commit fd0815f632c24878e325821943edccc7fde947a2.

Source: CVE-2023-2235

답글 남기기

이메일 주소는 공개되지 않습니다. 필수 필드는 *로 표시됩니다