A flaw in the Linux Kernel found. A use-after-free vulnerability in the Linux Kernel Performance Events system can be exploited to achieve local privilege escalation. The perf_group_detach function did not check the event's siblings' attach_state before calling add_event_to_groups(), but remove_on_exec made it possible to call list_del_event() on before detaching from their group, making it possible to use a dangling pointer causing a use-after-free vulnerability. Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=fd0815f632c24878e325821943edccc7fde947a2
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 2192649]
This was fixed for Fedora with the 6.2.8 stable kernel updates.
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2023:3705 https://access.redhat.com/errata/RHSA-2023:3705
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2023:3708 https://access.redhat.com/errata/RHSA-2023:3708
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2023:3723 https://access.redhat.com/errata/RHSA-2023:3723
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.0 Extended Update Support Via RHSA-2023:4137 https://access.redhat.com/errata/RHSA-2023:4137
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.0 Extended Update Support Via RHSA-2023:4138 https://access.redhat.com/errata/RHSA-2023:4138
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2023:4541 https://access.redhat.com/errata/RHSA-2023:4541
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2023:4517 https://access.redhat.com/errata/RHSA-2023:4517
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.6 Extended Update Support Via RHSA-2023:5627 https://access.redhat.com/errata/RHSA-2023:5627