A race condition in perf_event_open() can be exploited by an unprivileged user to gain root privileges. The bug allows building several exploit primitives, such as a kernel address information leak, arbitrary execution, etc.
Created kernel tracking bugs for this issue:

Affects: fedora-34 [bug 2089288]
Affects: fedora-35 [bug 2089289]
Why are we creating separate Fedora tracking bugs for different versions with this? Typically there is a single Fedora bug, which makes it much easier since typically all Fedora versions are on the same kernel version, and I file a single update for all supported releases which bodhi breaks out on the back end.
This issue has been addressed in the following products: Red Hat Enterprise Linux 7.4 Advanced Update Support Via RHSA-2022:5157 https://access.redhat.com/errata/RHSA-2022:5157
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Extended Update Support Via RHSA-2022:5224 https://access.redhat.com/errata/RHSA-2022:5224
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Extended Update Support Via RHSA-2022:5220 https://access.redhat.com/errata/RHSA-2022:5220
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2022:5232 https://access.redhat.com/errata/RHSA-2022:5232
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2022:5236 https://access.redhat.com/errata/RHSA-2022:5236
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2022:5267 https://access.redhat.com/errata/RHSA-2022:5267
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2022:5249 https://access.redhat.com/errata/RHSA-2022:5249
G'day Alex,

We could possibly change this, however, I'm reading the docs:

perf_event_paranoid:

Controls use of the performance events system by unprivileged users (without CAP_SYS_ADMIN). The default value is 2.

     -1: Allow use of (almost) all events by all users
         Ignore mlock limit after perf_event_mlock_kb without CAP_IPC_LOCK
    >=0: Disallow ftrace function tracepoint by users without CAP_SYS_ADMIN
         Disallow raw tracepoint access by users without CAP_SYS_ADMIN
    >=1: Disallow CPU event access by users without CAP_SYS_ADMIN
    >=2: Disallow kernel profiling by users without CAP_SYS_ADMIN

Are you proposing that we add it and set it as the default, or just have the option there?

I think changing the default to 3 would not be an easy sell for engineering. Adding it as an option may be possible but will need upstream first.

The best contact that I can think of would be Michael Petlan, he's always been very good at getting to the root of the problem.

As I haven't looked at the patch though, how is this different than 2?

Wade.
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2022:5564 https://access.redhat.com/errata/RHSA-2022:5564
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2022:5565 https://access.redhat.com/errata/RHSA-2022:5565
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions Via RHSA-2022:5636 https://access.redhat.com/errata/RHSA-2022:5636
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Extended Update Support Via RHSA-2022:5626 https://access.redhat.com/errata/RHSA-2022:5626
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Extended Update Support Via RHSA-2022:5633 https://access.redhat.com/errata/RHSA-2022:5633
This issue has been addressed in the following products: Red Hat Enterprise Linux 7.3 Advanced Update Support Via RHSA-2022:5806 https://access.redhat.com/errata/RHSA-2022:5806
This issue has been addressed in the following products:

Red Hat Enterprise Linux 7.6 Advanced Update Support
Red Hat Enterprise Linux 7.6 Update Services for SAP Solutions
Red Hat Enterprise Linux 7.6 Telco Extended Update Support

Via RHSA-2022:6432 https://access.redhat.com/errata/RHSA-2022:6432
This issue has been addressed in the following products:

Red Hat Enterprise Linux 7.7 Advanced Update Support
Red Hat Enterprise Linux 7.7 Update Services for SAP Solutions
Red Hat Enterprise Linux 7.7 Telco Extended Update Support

Via RHSA-2022:6741 https://access.redhat.com/errata/RHSA-2022:6741
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2022-1729