A flaw was found in the Linux kernel. It is possible to overflow a perf_event's read_size, causing an out-of-bounds write in perf_read_group(). The check meant to prevent such an overflow in perf_event_validate_size() does not account for groups of events with mixed read_format values. The flaw can be triggered with events created with PERF_FORMAT_GROUP or events added with PERF_FORMAT_GROUP after some preconditions. The bug was introduced around fa8c269353d5 ("perf/core: Invert perf_read_group() loops"). Fixes: a723968c0ed3 ("perf: Fix u16 overflows"). Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=382c27f4ed28f803b1f1473ac2d8db0afc795a1b
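The sizing problem described above, as a simplified user-space model added here (not code from the kernel or from this report). It contrasts a check that sizes only the event being added with one that sizes every group member's own read_format. The function names, the 16 KiB limit and the per-format layout are assumptions, and the sample group is constructed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* read_format bits, values as in the kernel's uapi perf_event.h */
enum {
    PERF_FORMAT_TOTAL_TIME_ENABLED = 1u << 0,
    PERF_FORMAT_TOTAL_TIME_RUNNING = 1u << 1,
    PERF_FORMAT_ID = 1u << 2,
    PERF_FORMAT_GROUP = 1u << 3,
    PERF_FORMAT_LOST = 1u << 4,
};
#define READ_SIZE_LIMIT (16u * 1024u) /* assumed limit, not stated on this page */

/* Modelled bytes returned by read() for one event in a group (assumed layout). */
static size_t model_read_size(uint64_t fmt, unsigned nr_siblings)
{
    size_t entry = 8, size = 0, nr = 1; /* every entry carries a u64 value */
    if (fmt & PERF_FORMAT_TOTAL_TIME_ENABLED) size += 8;
    if (fmt & PERF_FORMAT_TOTAL_TIME_RUNNING) size += 8;
    if (fmt & PERF_FORMAT_ID) entry += 8;
    if (fmt & PERF_FORMAT_LOST) entry += 8;
    if (fmt & PERF_FORMAT_GROUP) { nr += nr_siblings; size += 8; } /* count field + one entry per sibling */
    return size + entry * nr;
}

/* Incomplete check: sizes only the event being added. */
static bool validate_new_only(uint64_t new_fmt, unsigned siblings_after)
{
    return model_read_size(new_fmt, siblings_after) <= READ_SIZE_LIMIT;
}

/* Complete check: sizes the new event and every existing member's own read_format. */
static bool validate_all_members(uint64_t new_fmt, const uint64_t *members,
                                 size_t n, unsigned siblings_after)
{
    if (!validate_new_only(new_fmt, siblings_after)) return false;
    for (size_t i = 0; i < n; i++)
        if (model_read_size(members[i], siblings_after) > READ_SIZE_LIMIT) return false;
    return true;
}

int main(void)
{
    const uint64_t members[] = { PERF_FORMAT_GROUP | PERF_FORMAT_ID | PERF_FORMAT_LOST }; /* constructed */
    printf("new-only=%d all-members=%d\n", validate_new_only(0, 700),
           validate_all_members(0, members, 1, 700));
    return 0;
}
```

In this model the group is rejected only when each member is sized with its own read_format, which is the mixed-format case the description says the original check missed.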
*** Bug 2255286 has been marked as a duplicate of this bug. ***
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.6 Extended Update Support Via RHSA-2024:0930 https://access.redhat.com/errata/RHSA-2024:0930
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.2 Extended Update Support Via RHSA-2024:1019 https://access.redhat.com/errata/RHSA-2024:1019
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.2 Extended Update Support Via RHSA-2024:1018 https://access.redhat.com/errata/RHSA-2024:1018
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.8 Extended Update Support Via RHSA-2024:1404 https://access.redhat.com/errata/RHSA-2024:1404
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2024:1607 https://access.redhat.com/errata/RHSA-2024:1607
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2024:1614 https://access.redhat.com/errata/RHSA-2024:1614
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.0 Extended Update Support Via RHSA-2024:1840 https://access.redhat.com/errata/RHSA-2024:1840
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.0 Extended Update Support Via RHSA-2024:1836 https://access.redhat.com/errata/RHSA-2024:1836
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2024:2394 https://access.redhat.com/errata/RHSA-2024:2394