A flaw was found in the Linux kernels pressure stall information subsystem. An local attacker able to register a PSI trigger and wait using the poll() call can create a use-after-free issue and possibly cause other unknown side-affects in kernel space. The pressure stall subsystem is built with CONFIG_PSI_DEFAULT_DISABLED, which means it needs to be explicityl enabled with a kernel boot time parameter of 'psi=1'. Without this parameter the system is not affected. Upstream: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a06247c6804f1a7c86a2e5398a4c1f1db1471848
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 2120199]
This was fixed for Fedora with the 5.15.19 stable kernel updates.
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2022:7444 https://access.redhat.com/errata/RHSA-2022:7444
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2022:7683 https://access.redhat.com/errata/RHSA-2022:7683
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2022-2938
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.6 Extended Update Support Via RHSA-2024:1188 https://access.redhat.com/errata/RHSA-2024:1188